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**F I LE®*1D**SYSCHKPRO 


SSSSSSSS_ YY YY SSSSSSSS cccccccc =H HH KK KK PPPPPPPP RRRRRRRR 000000 
SSSSSSSS_ YY YY SSSSSSSS CcccccCC §=HH HH KK KK PPPPPPPP RRRRRRRR 000000 
ss YY YY $$ cc HH HH KK KK PP PP RR RR 00 00 
SS YY vY $$ cc HH HH KK KK PP PP RR RR 00 
$$ YY YY SS cc HH HH KK KK PP PP RR RR 00 00 
YY YY SS cc HH HH KK KK PP PP RR RR 00 00 
SSSSSS YY SSSSSS cc HHHHHHHHHH = KKKKKK PPPPPPPP RRRRRRRR 00 00 
SSSSSS YY SSSSSS cc HHHHHHHHHH = KKKKKK PPPPPPPP RRRRRRRR 00 00 
SS YY SS CC HH HH KK KK PP RR RR 00 00 
SS YY SS CC HH HH KK KK PP RR RR 00 00 
SS YY ss CC HH HH KK KK PP RR RR 00 00 cece 
SS YY ss CC HH HH KK KK PP RR RR 00 00 cece 
SSSSSSSS YY SSSSSSSS cccccccc =H HH KK KK PP RR RR 000000 cece 
SSSSSSSS YY SSSSSSSS cccccccc =H HH KK KK PP RR RR 000000 cece 
LL IIIII] SSSSSSSS 
LL Hi] SSSSSSSS 
LL I] SS 
LL Il $$ 
LL I] $$ 
LL I] SS 
it I] SSSSSS 
LL I] SSSSSS 
LL I] SS 
LL I] SS 
LL I] SS 
LL I] SS 
LLLLLLLLLL III! SSSSSSSS 
LLLLLLLLLL HI] SSSSSSSS 
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~TITLE SaaS - CENTRAL PROTECTION CHECK ALGORITHM 
IDENT ‘*v0Q4-000' 
~-ENABL DBG 
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COPYRIGHT (c) 1978, 1980, 1982, 1984 BY 
DIGITAL EQUIPMENT CORPORATION, MAYNARD, MASSACHUSETTS. 
ALL RIGHTS RESERVED. 


OFTWARE IS FURNISHED UNDER A LICENSE AND MAY BE USED AND COPIED 
N ACCORDANCE WITH THE TERMS OF SUCH LICENSE AND WITH THE 
I F THE E R 
Pp 


: SOFTWARE OR ANY OTHE 
: EREOF MAY NOT BE PROVIDED OR OTHERWISE MADE AVAILABLE TO ANY 
: RSON. NO TITLE TO AND OWNERSHIP OF THE SOFTWARE IS HEREBY 
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THE INFORMATION IN THIS SOFTWARE IS SUBJECT TO CHANGE WITHOUT NOTICE 
D SHOULD NOT BE CONSTRUED AS A COMMITMENT BY DIGITAL EQUIPMENT 


AN 
CORPORATION. 


DIGITAL ASSUMES NO RESPONSIBILITY FOR THE USE OR RELIABILITY OF ITS 
SOFTWARE ON EQUIPMENT WHICH IS NOT SUPPLIED BY DIGITAL. 
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-++ 
FACILITY: VAX/VMS Exec 


; ABSTRACT: 
This module contains the routines that implement the protection 
check algorithms used within VMS (UIC protect ten, Access Control 
Lists, Classification mask check, etc. 

; ENVIRONMENT: 
VAX/VMS Exec. 


: AUTHOR: L. Mark Pilant, CREATION DATE: 18-Feb-1983 


SSSSsssssss 


ooooooo 


(with thanks to A. Goldstein) 
; MODIFIED BY: 
v03-023 LMP0293 L. Mark Pilant, 2-Aug-1984 12:16 
Clear the local ACL_PRESENT flag if SS$_IVACL is returned 
from EXESCHECKACL, So that EXESGET_AUDIT is not called. 


V03-022 LMP0286 L. Mark Pilant, 26-Jul-1984 12:49 
Fix a broken intermediate branch. 


v03-021 ACGO440 Andrew C. Goldstein 23-Jul-1984 13:42 
Add classification valid flag to ORB; use GRPPRV only with 


Soooooo 
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~SEP-19 SYS.SRCIS SYSCHKPRO. MAR; 1 
UIC format owner ID 
V03-020 LMP0264 Mark Pilant 26-Jun-1984 13:49 
Check for SS$_ IvAeL returning from EXESCHECKACL. 
V03-019 LMP0249 ark Pilant, ty, hn 8:51 
Modify EXESGET _avbIT’ to handle an ACL queue correctly. 
v03-018 LMP0245 L. Mark Pilant, 1-May-1984 16:57 


Remove She reference to R10 within the ACL segment scanning 
Loo is bug caused the segment count to be used as the 
CHP TL block d 


ress. 

VO3-017 LMP0242 k Pilant, 27-Apr-1984 14:19 
Allow the BYPASS” Boe) a. to override SS$_IVACL. 

V03-016 LMP0239 L. Mark Pilant 23-Apr-1984 9:15 
Add a common return point so that the block allocated from 
the Pl lookaside List may be returned. 

v03-015 TMHOO15S Tim Halvorsen 14-Apr-1984 
Fix V03-014 to define entry point as EXESCHKPRO, not SYSSCHKPRO. 

V03-014 LMP0221 L. Mark Pilant, 7-Apr-1984 14:55 
Add support for the new internal interface. 

v03-013 LMP0215 L. Mark Pilant, 21-Mar-1984 14:01 


Make sure that the SYSTEM and OWNER protection fields have 
control access when going from a word to the vector. 


VO3-012 LMP0214 Mark Pilant, 21-Mar-1984 11:51 
Change EXESCHECKPROT. 16 to use the address of the protection 
word, rather that thé protection word itself. 


—— eee ees 


v03-011 LMPO0199 L. Mark Pilant, 28-Feb-1984 12:40 
Correctly handle an ACL segment padded with zero. 

v03-010 ACG0392 Andrew C. Goldstein, 19-Jan-1984 21:21 
Add match-all identifier 

v03-009 Aceopns Andrew C. Goldstein, 4-Jan-1984 19:55 

Fix loop exit in ACL check (bug in ACG0384) 

V03-008 ACG0384 Andrew C. Goldstein, 19-Dec-1983 16:22 
Allow SYSTEM and OWNER access to override ACL 

V03-007 LMP0177 L. Mark Pilant, 7-Dec-1983 12:42 


SOOCOCSCSSOOOSOOSOOSOOSOSSOSSOSOSOSOOSOSOSOOSOOOSOSOOSOSOOOOSOSOOSOOOOO 
SDOSOOCOCOOCOSCOOOOOSOOOOSOSOOOCOSOOCOSOSOSOSOSOOOSOS OOOO OOOOOOOOOOSoOOO 


Enable the conditional fami y'seresfonery ¢ classification 
check by uncqunens tog tn e the location 
of the flag from EXESGL_FLAGS to EXESGL “DY IC_FLAGS. 


v03-006 ACG0354 Andrew C. Goldstein, ernment 983 14:33 
General code cleanup and tightening, add CONTROL access 
via READALL priv irs Remove CHP$_ACCESSRIGHTS item. 


vO3-005 LMPO0145 k Pilan 25-Aug-1983 11:34 
Ignore default ACés eos on kee protection check. 


SOOCOCCOCOCOCOCOOCOCOOCOO OOOO SOOSOOOOOSOSOOOOOOOOOOOOOOOOOOOOO 

3 § A~QOODOODOOCOOO0OOOO0O 0 OOO 0090000 0909 09 09 09 09 INI NINN NI NIN NIA AAA AAAAAOOUN 
PAN @ OOOO NE WIN OS OD NAME WIN OOO NAN E WIN $$ O OO NAME WIN OO ONOAU EW OO 
Be So Se Se Ge Se Se Ge Ge Se Ge Ge Ge Ge Ge Ge Ge Ge Ge Ge Ge Ge Ge Ge Ge Ge Ge Ge Ge Ge Ge Ge Ge Ge Ge Ge Fe Ge Ge Ge Fe Ge Ge Fe Ge Ge Ge Ge Ge Ge Ge Ge Ge Ge Ge Ge Ge 
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v03-004 LMPBUILD L. Mark Pilant, 28-Jun-1983 11:32 
Fix a broken branch. 
v03-003 LMP0115 L. Mark Pilant, 19-May-1983 10:38 
Miscellaneous fixes. 
v03-002 og be L. Mark Pilant, 30-Apr-1983 1:58 


Add logic to enable the access allowed to be returned. 
Also, several miscellaneous minor bugs were fixed. 


v03-001 LMP0106 L. Mark Pila 26-Apr-1983 16:39 
Change register usage in EXESSEARCH. RIGHT. 
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] 1 -SBTTL LIBRARY STRUCTURE DEFINITIONS AND MACROS 
1 : SACEDEF 3 access control List entry 
134 SACLDEF ; ACL segment structure offsets 
135 SARBDEF ; Agent's rights bloc 
1 § SARMDEF 3 access bitmask definitions 
1 SCHPDEF 3: service item codes 
0 1 8 SCHPCTLDEF 3; CHKPRO control block offsets 
0 1 SCHPRETDEF ; SCHKPRO return arg block offsets 
0 140 That 3 non-discretionary classification mask 
00 141 SDSCDEF 3; string descriptor 
8 146 SIPLDEF 3; Prior ty levels 
14 SORBDEF 3; Object’s rights block 
Bp 144 SPCBDEF 3; process control block 
145 SPRDEF ; Processor registers 
00 198 SPRBDEF ; internal structure protection block 
000 14 SPRVDEF j privitege bits 
0000 148 SLOEF 3; PSL fields 
0000 149 SSDEF 3 system statue codes 
44 130 SUICDEF 3; UIC and identifier format 
48 13 3; Macro to generate the necessary table entries based upon the item code. 
444 133 te pe TABLE_ENTRY CODE, SIZE, INDEX, OFFSET 
= — 
0000 138 a MIN _SIZE_TABLE+CODE 
0000 15 -BYTE SIZE 
0000 =«—158 = INDEX_TABLE+CODE 
0000 159 -BYTE INDEX 
464 199 — hed ecndieeas ties 
itd 166 = OF FSET_TABLE+<CODE*4>+ INDEX 
nt cir 
0000 165 -ENDM TABCE_ENTRY; CODE, SIZE, INDEX, OFFSET 
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] 
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~SBTTL LOCAL CONSTANTS AND FLAGS 


MAX_ACL DESC= #0 


MAXTRIGRY DESC maximum number of acl segment descrs 


maximum number of rights segment descrs 
(actually one less, since the List 
must be zero terminated) 


00000012 MAX_CHP_CODE= CHPS$_MAX_CODE-1 


0 
: Define the index values used to determine the address of the local 

05 ; protection structure and the offset into that structure. 

0 ARB_ bet fe 
oe ce 
= 

§0900008 09 CHPRET— INDEX= : 

i Define the Local block used when processing the user's item List. 
00000000 000 prover ADDR= 0 ; protege tay structure address tabl 
00000010 000 LOCAL _ARB= 16 Lae rights bloc . 

00 ASSURE ARBSC HEADER a? ARBSL RIGHT LisT¢aRe $ ~RIGHTSLIST 
00000030 000 RIGHTS _LIST= LOCAL_A BeARBSL LR HTSLIST 08) ent’ $ rights List 
0000005C 00 LOCA N ‘on RB= RIGHTS tiste< mag RicHT DESC *4> 0 yest s rights block 
00000084 00 LOCAL “CHPCTL= LOCAL, ORBSORGSC CENGTH™ ; eonerol. § 
000000C 0 LOCAL_ “CHPRET= LOCAL_ CHPCTL+CHPCTLSC LENGTH eel arg block 
QO0000E 0 PRIVS_USED= borat =CHPRET +CHPRE TSC onEneTN : Privs used storage 
QOOOODEC 00 ACL_LIST= PRIVS7U +4 ACL egm ment descr List 
0000018C RIGATS DESC= ACL VPrsts<MAx ach DESCaD C$C_S_BLN> ; Rights List descri 


LOCAL_LENGTH= RIGHTS_DESC+<MAX “ge epEseenscse _5_BLN> 
; ength of the local storage block 
ASSUME LOCAL LENGTH LE 512 hus be less than a page 


; Local flags used in EXESCHKPRO_INT. 


SODOOOOOO OOOO O00 OOOO 00000009 09 09 090909 SIN NIN NINN Oe 
NAME WIN OS OO NAME WN 9 OD NOAM EWN 0 OONOU SW OOaon 


PRIPIPIMIPINIPINGAY 0 0 tt ot ee 


00000000 CHKPRO_V_ACL_PRESENT= 0 ; ACL is present 
00000001 CHKPRO_V_INTERNAL= 1 ; internal vs system service entry 
00000002 CHKPRO_V_NO_CHPRET= 2 ; CHPRET block not supplied 

000001 cen M_ACL a teed T@CHKPRO_V_ACL_ PRESENT ; ACL is present 
00000002 CHKPRO_M_ INTERN 1aCHKPRO”V_ INTERNAL ; internal vs system service 
00000004 CHKPRO_M_NO_ CHPRET= 1a@CHKPRO_V_NO_CHPRET ; CHPRET block not supplied 


5 
SYSCHKPRO TION CHECK ALGORITHM” —16+SEP 
¥04-000 , g-3eF 


ao- 


~SBTTL ITEM CODE TABLE 
-PSECT YSEXEPAGED 
The following table defines t 


IN_SIZE_TABLE: 


OOoOoCoococe Vv, 
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00000013 ~-BLKB CHPS_MAX_CODE 

; The following table define th 
00000026 

OFF SET_TABLE: 
00000072 CHPS_MAX_CODE*4 
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E 
E 

14 

t 
? ; structure, based upon the item code. 
: INDEX_TABLE : 
Z -BLKB CHPS_MAX_CODE 
5 ; The following table defines t 
§ 3 structures. The table is or 
f ; These are for the ARB, ORB, 
9 
? -BLKB 

34 

34 

% 

3 
9 

40 

a 

28 

44 

45 

46 

47 

48 m 

rh TABLE_ENTRY 
1 
2 
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S 


he minimum sizes for the various item codes. 


e index associated with the local protection 


he offsets into the various protection 
anized such that there are four offset bytes. 
HKCTL, and CHPRET blocks in that order. 


3; Now fill the tables defined above. 


HP$_END 0, 0, 0 

CHPS-ACCESS, 4. CHPCTL_INDEX, CHPCTLS$L_ACCESS 

HP$ "FLAGS, 4; CHPCTL-INDEX, CHPCTLSL~FLAGS 
P$"PRIV 8, ARB_INBEX ARB$Q_PRIV 

CHP$~ACMODE 1 CHPCTL_INDEX, CHPCTC$B_MODE 

CHPS"ACCLASS, 20, ARB_ INDEX, ARBS$R_CLAS 
P$"RIGHTS, s ARB~ INDEX. ARBSL-RIGHTSLIST 

CHPS$"ADDRIGHTS, 8. ARB~ INDEX, ARBS$L~RIGHTSLIST 
P$"MOD 1, ORB~ INDEX. ORBS$B_MODE 
P$~MODES ORB~ INDEX, ORB$Q~MODE_PRO 

CHPS"MINCLASS, 20, ORB INDEX. ORBSR-MIN_CLASS 

CHPS"MAXCLASS. 20, ORB~ INDEX, RBSR-MAX~CLASS 
P$"OWNER, 4, ORB INDEX, ORBSL ~OWNE 

HP$ "PROT, Zz ORB- INDEX. ORBSW~PROT 

HP$ "ACL ORB” INDE ORBSL~ACL_DESC 

CHPS"AUDITNAME, 1, CHPRET_INOEX, | CHPRETS$W_AUDITLEN 
P$"ALARMNAME. 1. CHPRET~INDEX. | CHPRET$W~ALARMLEN 
P$"MATCHEDACE,4. CHPRET-INDEX. CHPRETSW-MATCHED ACE 

CHPS"PRIVUSED, 4. CHPRET-INDEX, | CHPRETSLPRIVS_USED 


wv 
‘zx 
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FUNCTIONAL DESCRIPTION: 


This routine implements the SCHKPRO system service, which 
serves as a centralized protection check. Depending on the 
items suppi ied. the following forms of protection check 
are ava 

access mode 

non-discret onary ¢ classification 

3 core control List 

e SOGW mask 


; uate log and alarm 

; CALLING SEQUENCE: 

EXESCHKPRO (ITEM_LIST) 
| 
| 


INPUT PARAMETERS: 
ITEM_LIST: address of item descriptor List 


; IMPLICIT INPUTS: 
SCHSGL_CURPCB: PCB address of process 
previous access mode (access mode of caller) 


; OUTPUT PARAMETERS: 
ITEM_LIST: address of item descriptor List 


IMPLICIT OUTPUTS: 
NONE 
ROUTINE VALUE: 
SS$_NORMAL: access granted 
SS$"NOPRIV: access denied 
SS$"ACCVIO: item List or item buffers inaccessible 


SIDE EFFECTS: 
NONE 


Se Se Se Ge Se Ge Ge Se Ge Ge Ge Se Ge Ge Ge Ge Ge Ge Ge Ge Ge Ge Ge Ge Ge Ge Ge Ge Ge Ge Ge Ge Ge Ge Se Ge Se Ge Ge 


; Define the offsets into the routine argument List 


CHKPRO_ARGCOUNT= 0 
CHKPRO_ITMLST= 4 
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~SBTTL SCHKPRO SYSTEM SERVICE INITIAL SETUP 


; Within the main body of the rotection checking routine (i.e., the item 
; descriptor scanner), the following register conventions are used: 


wt 
Oo 
xro 
no 
mo 


Ril = address of the local storage ptoe 

R10 = address of the current item List 
return Length storage address 

R8 - input/output buffer address 

R7 - size of the jnput/outpu buffer 

R6 - index into rights descriptor list 

R5 - address for item in local protection structure 
-ENABLE LSB 

sENTRY EXESCHKPRO, “M<R2,R3,R4,R5,R6,R7,RB,R9,R1I0,R11> 
; Local storage block from P1 lookaside List. 


REMQUE @CTLSGL_KRPFL,R11 i; Else allocate from ¢ ppeehas ide list 
BVC ; Xfer if able to get o 
; BUG_CHECK KRPEMPTY S ilse come to a streeching halt 
: Set up the initial defaults in the local protection structures. 

MOVCS #0,(SP),#O,#LOCAL_LENGTH,(R11) ; Initially clear out the block 
up ARB defaults. 


@#SCHSGL_CURPCB,R 


Sete Ge Ge Ge Ge Ge Ge Gee 
zz 
oO 
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OFFC 


5B 00000000'FF 
04 


-—O 
on 


Ur. 
wr 
ee 


6B O184 BF 00 6E 00 


™m 
Oo 
2 
nw 
@ 
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50 00000000'9F 
10 AB =008C DO. 30 
50.10 


68 2 
20 A046 


urrent PCB yoerese 


MOVAB LOCAL RRB(R115,RO ; ddréss of protection 
MOVL 0, STRUCT_ADDR(R11) ; Save ARB address for later 
CLRL Re’ 3 Reset rignts | list £ segnent " telles 
10$: TSTL Apgst _RIGHTSLIST(RO)CR6]° nd 9 the 

BEQL =-:*15$ : Xfer if so, index now set 

Re 3; Else up the index 
BRB $ 3; And try the next one 


3; Set up ORB defaults. 


15$: MOVAB LOCAL _ORB(R11), 
MOVL RO, STRUCT _ADDR+ 
MOVL #4, ORBSB MODE (R 


; Set up CHPCTL block defaults. 


MOVAB LOCAL See eA : get address of protection structure 
O.STRUCT_A BLATT e CHPCTL address for later 
MOVL #CHPCTLSM~ REAR EMPCTUSM, nites CHPCTLS$L_FLAGS (RO) 

HOVPSL : allowing ver _reed and write access 


R1 t PSL 
EXTZV  #PSLSV_PRVMOD,#PSLSS _prvitods Ri mart: "MODE RO) 
: get accessor mode 


ucture 
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; Set address of protection structure 
; Save ORB address for later 
; Defau.ct access mode of object 
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up the CHPRET block defaults. 
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MOVL 
MOVC3 M#ARBSC_HEADER ShCBSL LARBIR Y LOCAL® ARB(R11) Copy minimal ARB 
e r 


Lt 


MOVQ STRUCT_ADDR(R11) ,RO ; Get ARB and ORB addresses 
MOVO = STRUCT“ADDR+8(R11),R2 ; Now for CHPCTL and CHPRET addresses 
BRW EXESCHRPRO_CMN ; join common code 
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50 00c0d 9 C MOVAB LOCAL_CHPRET(R11),R ; Set address of protection struct 
OC AB i 06 6B 386 MOVE” ROCSTROCT ADDRSIOER TI) ¢ Sere CHPRET. cdbece fan tater ue 
24 AO OOE8 CB E +4 ¢' MOVAB PRIVS_USEB(R11),CHPRETSL_PRIVS_USED(RO) ; Where to return privs used 
+ 86 ; Start the item List processing. 
SA 04 AC DO OODA 64 MOVL CHKPRO_ITMLST(AP),R10 ; set the address of the item List 
DF 92 IFRD #4,(R10),GET_ITEM ; probe first longword of item List 
OF $ ; Error returns. 
BES $3 RETURN_ACCVIO: 
50 9g 9 E4 0 MOVL #SS$_ACCVIO,RO 3 set error status 
03 1 id 4 BRW RETURN_P1_BLOCK 3; ~=and return 
OEA ig BADPARAM: 
50 3614 9 OEA 74 MOVL #SS$_BADPARAM,RO ; set status 
O34C 31 OED f3 BRW RETURN_P1_BLOCK > and return 
oro sg : To here when all of the item descriptors have been processed. Now begin 
OF 78 ; the actual protection checking. This consists of calling a series of 
te 6 3; routines to do the various checks. 
OOFO 381 FINISH_ITEMS: 
DD OOFO Hf PUSHL R11 ; Save address of the local storage block 
4 OQO0F2 8 CLRL R7 ; Reset all flags & indicate service entry 

OOF4 84 
OOF7 85 
0OFB 86 


SY’ 


oe, 
| 
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43 B3 ~SBTTL SCHKPRO SYSTEM SERVICE ITEM SCANNING 
4; 4 ; Scan through the item List, acquiring the input information as encountered. | 
FE 34 GET_ITEM: | 
57 «BA 36 FE MOVZWL (R10)+,R7 3 get next item Length 
D \ 101 94 BEQL FSi Su ALTERS ; 1f zero, end of List 
54 A C 0103 95 MOVZWL (R10)+,R4 3; get item code 
2m = 6h 3 38 CMPL R4,#MAX_ CHP_CODE 3; range check item code 
DF «61A «COO 9 BGTRU BAOPARAR 
51 FEFO CF44 GA QO} ; 38 MOVZBL nin SIZE_TABLECR4],R1 ; get minimum size allowed 
= se 9 CMPL R7,R1 ; less than the min required? 
04 iF 0114 400 BLSSU BASPARAR : xfer if so 
gate t83 IFNORD #12,(R10),RETURN_ACCVIO1 ; probe rest of item + start of next 
58 BA dO O11C 4 : MOVL  (R10)+,R8 : get buffer address 
A 44 44 O13 ret ae he Gs ; copy buffer descriptor 
38 D4 01 405 CLRL Re 3 use prev mode ons 
00000000 "EF 16 01 $06 JSB EXESPROBER ; and probe buffer for readability 
5250 €9 8, dD 40 BLBC RO,RETURN_ACCVIO1 ; branch on failure 
59 «BA 0 1 g 408 MOVL (R10)+,R9 ; get the address to return Length 
08 13 Q1 409 BEQL 30$ 3; xfer if no return length required 
4 5 410 IFNOWRT #2,(R9),RETURN_ACCVIO1 ; else check for write access 
69 B4 3 : ai] CLRW (R9) 3 preset to zero 
013D 418 ; Use the index obtained from the index table to get the local protection 
Bie ret 3 structure base address and the offset into that same structure. | 
pgot CF44 OA b1z8 416 30$: MOVZBL INDEX_TABLECR4],R0 3; Get appropriate index table entry 
53 6840 «(0 0143) 417 MOVL  STRUCT_ADDR(R115CROJ.R3 ; Get structure base address 
FEDA CF44 E Bee 418 MOVAL OFFSET a + ania ; Get offset table entry 
55 6140 A 0140 419 MOVZBL (R1)CROIJ,R 3 Get the offset 
3 33 @ $13} ? Y ADDL oR 3; compute protection structure field address 
0154 4 § ; ALL of the basic checks about the item descriptor have succeeded. Now 
Bie ? ? 3; dispatch based upon the item code to take the appropriate action. 
01 54 CF EP 425 CASEL R4,#1,#MAX_CHP_CODE-1 
0065" 0138 426 40S:  .WORD ITEM_ACCESS-408 : CHPS_ACCESS 
0065" 015A 427 ~ WORD ITEM_FLAGS-40$ ; CHPS_FLAGS 
0057" 015c 428 «WORD ITEM_PRIV-40$ ; CHPS$_PRIV 
Boga, bi2e 429 WORD Bae et Paes, 3 CHPS_ACMODE 
O3F* 016 430 -WORD ITEM_ACCLASS-40$ ; CHPS_ACCLASS 
C4" 16 431 -WORD ITEM_RIGHTS-40 ; CHP$_RIGHTS 
a 1 4 § -WORD ITEM-ADDRIGHTS-40$ ; CHPS_ADDRIGHTS 
A‘ 198 4 ~ WORD ITEM_MODE-40$ ; CHPS_MODE | 
057° 016 434 - WORD ITEM_MODES-40$ ; CHPS_MODE 
0° O16A 435 -WORD ITEM_MINCLASS-40$ ; CHPS_MINCLASS 
g 16C 4 § WORD ITEM_MAXCLASS-40$ : P$_MAXCLASS 
65° 18 4 «WORD ITEM_OWNER-40$ ; CHPS_OWNER 
EF* 01 4 S ~ WORD ITEM_PROT-40$ ; CHPS$_PROT 
OA1' 017 4 . WORD ITEM_ACL-40$ 3 ACL 
1° 0174 440 «WORD ITEM_AUDITNAME-40$ ; CHPS_AUDI TNAME 
1% 176 441 ~WOR ITEM_ALARMNAME-40$ ; CHPS_ALARMNAME 
1° 017 44 .WO0 ITEM_MATCHEDACE-40$ ; CHPS_MATCHEDACE 
O6F * 44. rt .WO ITEM_PRIVUSED-40$ ; CHPS"PRIVUSED 
‘ 
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; Falling through indicates a bad parameter. 


BADPARAM : 
50. 214 9 MOVL #SS$_BADPARAM,RO ; set status 

O2BA 31 BRW RETURN_P1_BLOCK > and return 
; What to do when some portion of the item descriptor cannot be read or 
; written as necessary. 


RETURN_ACCVIO1: 
MOVL #SS$_ACCVIO,RO ; set error status 


50 OC 0 
BRW RETURN_P1_BLOCK ; and return 


0284 


Common routines to copy item text into the local storage block. for all 
of the ITEM_xxx routines below, the following register usage is utilized: 


ay te Scratch 
R Address of the local protection structure 
g Item cod 


4 ode 
RS Address of the local protection structure field 


0 
4 
0 
4 
5 
5 : Classification mask item. For the first of MIN or MAX class, copy 
8 ; the item into its partner to default the contents. 
0 ITEM_MINCLASS: 
50 44 A353. %E 1 MOVAB ORBSR_MAX_CLASS(R3),RO ; Point to other mask 
04 ¢ BRB 43$ 
ITEM_MAXCLASS: 
4 MOV ORBSR_MIN_CLASS(R3),RO ; Point_to other mask 
5 43$: BBCS #ORBSV_CLASS_PROT,ORBSB_FLAGS(R3) ,44$ ; Mark classification present 
§ ITEM_ACCLASS: 
ASSUME ARBS$S_CLASS EQ 20 
8 ASSUME ORBSS_MIN_CLASS EQ $8 
9 EQ 20 
0 
4 
0 


> 
@ 


50 _30 A3 43 
03 OB AS 04 €C 


ASSUME ORB$S~MAX-CLASS 
vL ORR 


iw lw lala ol al elo ol ojo lelel el el elel al oleleoleleleleleloelololeleloia! 
Sssscss >>> PrP rrr rr PP OO00000 0 0000009 09 0000 00 09 09 09 00 09 09 00 CF 09 09 C909 09 CD 09090009 SII II 


SA FF FF HOO OOWOS PB NNN SIPS ET & C909 09 00 09 09 C9 C9 CO C9 CO CO CO CO CIPI MO MOOD 


50 55 00 0 5,k0 ; Copy mask address 
80 68 7D 44$ MOVa (RB), (RO)+ : First 8 bytes 
5 88 7D MOVQ (RB)+,(R5)+ ; First ye 
80 68 7D MOV (RB), (RO)+ > Second 8 bytes 
S 7D 01 MOVa (RB)+,(R5)+ : Second 8 bytes 
80 68 D0 01 MOVL (RB) - (RO) + : Final 4 bytes 
85 88 D0 Q1 MOVL (R8)+, (R5)+ 3; Final 4 bytes 
1 NEXT_ITEM: 
FFGF = 331 ’ BRW GET_ITEM ; Go get next item 
! ; Quadword item. 
1 [TEM_PRIV: 
1 ITEM~MODES : 
65 68 7d Q1 9 MOVa (RB), (RS) ; store in local protection structure 
09 «#54 #«+»D1 QI 95 CMPL RG #CHPS_MODES ; Mode protection vector? 
4 is 1 9 BNEQ 3; Xfer if not 
0B A3 4 8 1 9 BISB2 #ORBSM_MODE_VECTOR,ORBSB_FLAGS(R3) ; Else note use of vector 
EF 11 } 8 498 45$: BRB NEXT_ITEM ; Go get the next item in the List 
1BD 0 : Longword item. 
18D 28 : 


” 
2: 
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18D 3 ITEM_ACCESS: 
1BD ITEM_FLAGS: 
1BD 4 ITEM_OWNER: 
65 68 D0 018D 5 MOVL (RB), (RS) ; store in local protection structure 
oe it § BRB NEXT_ITEM ; go get next item_descriptor 
\e 8 : Byte item. 
1¢ 10 TTEM_ACMODE : 
65 68 9A OIC 11 MOVZBL (R8),(R5) ; store in local protection structure 
+ ie 1 \§ BRB NEXT_ITEM ; go get next item_descriptor 
1¢7 14 3 Common pet for returning a longword value of some sort. Check for write 
pie? 516 ; accessibility, and then save the return address. 
17 9 [TEM_PRIVUSED: 
1C7 218 IFNOWRT #4,(R8),RETURN_ACCVIO1 ; xfer if cannot be written 
65 58 odO0 O1CD 51 MOVL R8,(R5) ; where to return information 
59 be 0100 520 TSTL R 3; return Lengch needed? 
D8 13 0102 521 BEQL NEXT_ITEM : xfer if no 
69 04 BO 0104 5 § MOVW #4, (R9) ; else set return Length 
Ss Att 2 ? BRB NEXT_ITEM 3 go get next item descriptor 
0109 525 : Common perh for returning a descriptor of some sort. Check for write 
at 94 : § ; accessibility, and then save the needed arguments. 
0109 528 * ASSUME CHPRET$W_AUDITLEN EQ CHPRETSL_AUDIT~4 
0109 529 ASSUME CHPRETSL_AUDITRET EQ CHPRETSL_AUDIT+4 
0109 530 ASSUME CHPRETSW-ALARMLEN EQ CHPRETSL_~ALARM-4 
0109 2 1 ASSUME CHPRETSL_ALA ET EQ CHPRETSL_ALARM+4 
0109 ¢ ASSUME CHPRETSW_MATCHED_ACELEN EQ CHPRETSL_MATCHED_ACE=4 
B1b8 2 7 ASSUME CHPRETSL_MATCHED_ACERET EQ CHPRETSL_MATCHED_ACE+4 
0109 535 ITEM_AUDITNAME: 
01D9 536 ITEMTALARMNAME : 
Ht 43 537 ITEM_MATCHEDACE: 
3h 27 4 Bie? 3 ag ar eR ; copy buffer descriptor 
38 D4 $t34 40 CLRL R3. 3; use prev mode only s 
OOOOOOOO'EF 16 OQ1E1 41 JSB EXESPROBEW 3; check item descr for writing 
98 29 4 Q1E7 $s BLBC RO,RETURN_ACCVIO1 ; xfer if cannot be written 
a D OQOIEA 4 MOVa R7,(R5)+ 3 save descriptor 
85 59 DO OED 44 MOVL RO, (RS) + 3 save return address specified 
BA 11 4 re BRB NEXT_ITEM 3 go get the next descriptor 
if ‘? : Special case item handling code follows. 
f “3 : Extract simple access mode. 
1F 1 [TEM_MODE : 
65 68 02 09 EF OIF § EXTZV #0,#2,(R8),(R5) 3; get access mode protection 
B38 ol IF? 33 BRB NEXT_{TEM t go get next item descriptor 
169 5 : Process ACL segment descriptor. 
1F9 5 TTEM_ACL: 
50 28 AS DO O1F9 8 MOVL ORBSL_ACL_COUNT(R3),RO ; get current number of descrs 
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06 12 O1FD 59 BNEQ 50$ xfer_if not the first one 
2C AS =: OOEC e nF 1FF 4 MOVAB ACL_LIST(R11) ,ORBSL_ACL bESC(RS 3) ; Else note address 
14 D 5 561 50S:  CMPL RO, #MAX_ACL_DESC ; table full? 
A iE 8 6¢ BGEQU 608 xfer if s 
2C B340 7 70 A MOVQ R7 ,@ORBSL “att PGs cR3) CRO)" 3 else save another 
28 A D6 F 64 INCL ORBSL ACL_ COUNT ( ; up count of ACL segments 
y 11 2 é BRB NEX ‘rt TEM” 3 gO get next item descriptor 
50 O9F8 8F C 14 67 60$: pov ZN. #SS$_ACLFULL,RO 3 set error code 
5280 34 1? 7 4 BRW RETURN_P1 BLOCK 3 and return 
\e 00 ; Build specified rights List. 
1¢ ge it ire HTS: 
8 i ot IT EM ~ROSRIGHTS: 
8 \t 576 ; If a new rights List is specified, forget any existing entries. 
06 54 »d1 O2IC S $0s: CMPL R4 ,#CHPS$_RIGHTS ; see if new rights List specified 
02 12 O21F 578 BNEG 1008 ; branch if not - add to existing 
56 4 02 1 ef CLRL R6 3; initialize counter 
8 2B) ; Add a new rights List descriptor to any that already exist. 
0B 56 »Di QO AG {00$:  CMPL R6 ,#MAX_RIGHT_DESC : is there room for this descriptor? 
17 «#1E O $ 584 BGEQU 1106$ : xfer if not, note error 
50 018C CB46 7E Q 38? MOVAQ RIGHTS we ty 6],RO0 ; set address of descriptor 
30 AB46 «= 550—s«éiéds«éO*0 4 6 MOVL RO,RIGATS_LIST(R11 Tike J ; Save address for later 
eo: 2 ms 587 MOVQ RT CRO) ; save Goegr iptor for later 
56 606 0 3 588 INCL ; next availa 
30 AB46 §=04 «(0238 =~ =—589 CLRL RIGHTS_LIST(R11)CR6] 3; mark current end 
023 590 NEXT_ITEM1: 
FEBF 31 O * 4. BRW GET_ITEM 3; go get next item descriptor 
50 O9E8 8F Hs 5 3F 98 110$: MOVZWL #SS$_RIGHTSFULL,RO ; else set error code 
O1FS 1 0244 594 BRW RETURN_P1_BLOCK 3 and exit stage left 
0 rif a2 
6 47 397 : The following section of code converts the standard protection mask into 
8 47 98 ; a series oe ongwords, each representing a specific class of users (system, 
47 599; groupe ofc. we e. further assumes that any extensions to the protection mask 
0247 600 ; will b 4 bit chunks; thus adding an additional word. Following is 
rtf 601 ; a en of the mapping that takes place: 
47 O86 : we me mm ewe mower emo rn peewee ene e fnew or ece 
47 604; + WORLD i: GROUP i: OWNER :{ SYSTEM { 
47 605 3 ween wee oe pee er see en tower we sen es doen eee 
47 6 § 3 | DIEIWIR | DIEIWIR | DIEIWIR | DIETWIR ; 
47 6 : ¢oewweoeon ef¢oeceecoceos $eeeececon $owewocecn + 
47 6 3 3 15 0 
47 609 ; 
47 610 : ¢eececocco goeoceccocoa goeoeecececcen $oewececccns 
47 611; { WORLD { GROUP { OWNER | SYSTEM } 
47 61g : SN ee baw ewes ea tor anm ewan 
47 61 2 eeoth H ey | ' ome te H 
47 614 2 i yore nee oee pew es er een + 
47 615; 0 
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th SiS pie 
47 18 ; \i i 
47 ° 0 ; \ , 
47 1; j 
_— § gi J 
tb 852 : 
af 69 SE IAN ER eres ale Set 0 
tp 858 3 re we ICIDIEIWIR! SYSTEM 
47 $ ‘ SS SSSSSSSSSSSSSSSSSSSSSSSSSSESEEESESEES Sa 
2h B58: x we ECIDIESWIR! OWNER 
of 6 , ° TPR ERROR OM OE BOO ROMO OO ROE Ne > 
8 i 3 ° : H eee (HCIDIEL WIR! GROUP 
6 47 635: 31 0 
a, 
0247 638 ITEM_PROT: ; € ia nie 
” rau , 3 rt $75 CRPL + aia : n+ es supplied? 
ye 38 8 5 dF 641 BLEQU 146$ : xfer if not - start loop 
FF58 31 0 2} o4§ BRW BADPARAM1 3 return error status 
: index 
51 4 54 644 1208: CLRL R1 : else reas OE es cael 
25 $849 $C B85 S45 Rove nap ce0p 2 i gefenext protection vord 
= of 4 6 5 £09 130$: CLRL RG > preload R4 
; 8 026 648 "  BICB3 #*XFO,R2,R4 ; get protection bits 
~ . o « se 6 649 ROTL R3,R4_R4 ; shift into position 
” 6521 3 ts 0 69 650 BISL2 Ra (RS) ER1] ; ae gh K HF 
52 52 FC BF 9 6D 651 ROTL - : 4 + | ae 
- ns 5 fe 8 $38 1408: SOBGEa a0} 415 . : go get next protection word 
11 as $38 BRB NEXT_ITEM1 3; done 
027B 656 -DISABLE LSB 
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OUTPUT PARAMETERS: 
SAME AS EXESCHKPRO 


IMPLICIT OUTPUTS: 
NONE 


ROUTINE VALUE: 
SAME AS EXESCHKPRO 


re $3 -SBTTL EXESCHKPRO_INT = SCHKPRO INTERNAL ENTRY POINT 
Bit 
4 906 FUNCTIONAL DESCRIPTION: 
78 oa This is he internal entry point to the SCHKPRO system service. This 
7B 665 entry point may be used to avoid the overhead associated with insuring 
78 998 that the item list is valid. This is done by assuming that the caller 
7B «66 has filled in the necessary arg blocks in the same manner as the item 
Ms 208 List processing code above. 
78 $56 CALLING SEQUENCE: 
7B «671 JSB EXESCHKPRO_INT 
78 of¢ 

67 INPUT PARAMETERS: 

674 ARB (RO): address of the agente wighes block 

675 ORB (R1): address of the objects rights block 

4 CHPCTL htt address of the protection check control block 

of CHPRET (R35): address of the return argument block 

re: IMPLICIT INPUTS: 

680 NONE 

681 

ong 

68 

one 

685 

686 

tf 

688 

689 

690 

6 


oO 
—_ 


SIDE EFFECTS: 
NONE 


> & SP OOO 009000909009 * SINS NS NOSIS 
SSSBR0S MOPOVMIN "WDOWOWDIVOIOOIOWIOVIOWOWOWODOOODOWIWIOOwIoIw 
o 
oO 


SOOOSOCOOSCOSCOCOOCOOCOSOOCOOGIOOOCOCOOCOOCOCOOSOOOOOCOOOOOCOOOOOO 


69 
69 
eae oo 
o3 3; Internal entry point to the protection check system service. 
098 EXESCHKPRO_INT:: 

8F BB 9 PUSHR #*M<R1,R2,R3,R4,R5,R6,R7,RB,RI,RIO,R11> ; save work regs 

02 00 00 MOVL  #CHKPRO_M”INTERNAL.R7 ; Reset flags & indicate internal en 
701 EXESCHKPRO CMAN: 

29 7D 7 § mova RO,R8 ; put structure addresses 

5 7D 7 MOVa R2,R10 ; in amore useful place 

5B OS 704 TSTL Rif ; was a return arg block given? 

14 ig 705 BNEQ 5$ :; xfer if so, skip following 

06 «OC 7? $ BISL2 #CHKPRO_M_NO CHPRET,R7 3 note fabricated CHPRET block 
7 ASSUME <CHPRETSC"LENGTH & $> EQ 0 

ec $3 7? 3 SUBL2 #CHPRETSC"LENGTH+4,SP ; else make room for one 

oe 7 MOVL SP,R1 ; save address 
99 2c 210 MOVCS #0, (SP) #0, #CHPRETSC_LENGTH#4, (R11) 
C1 4 ADDL #CHPRETSC_CENGTH.R11-CHPRETSL_PRIVS_USED(R11) ; privs used return 

af 3; If an ACL is supplied as a queue, lock it now. 
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17 08 Ad «=«01sé€d#* A 715 5$: BBC #ORBSV_ACL_ QUEUE ,ORBSB_FLAGS(R9) ,10$ ; Skip if not a queue 
A £16 DSBINT #IPL : Raise IPL to prevent deletion 
54 099000 0'9F 0 1 MOVL @#SCHSGL_CURPCB,R4 ; Get current PCB address 
0 4 Ag E B oe MOVAB ORBSL_ACC_MUTEX(R9) RO ; Set mutex address 
00000000'9F 16 B 4 JSB a#SCHSLOCRR ; Lock mutex for reading 
ms £ ? ; Set up an alternate SOGW protection vector/mask. This is used when checking 
+: g § ; to see if system or owner are allowed access if the AC. actually denies access. 
BC 724 ASSUME ORBSL_SYS_PROT EQ ORBS$W_PROT 
BC 725 ASSUME ORBS$L-OWN-PROT EQ ORBSL~SYS_PROT+4 
BC f g ASSUME ORBS$LWOR-PROT EQ ORBSL-GRP_PROT+4 
7E : <= BC 728 10$: MNEGL #1,-(SP) 3; deny access to group 
7E 1 ge O2BF 729 MNEGL #1,-(SP) 3; and wo 
7E 18 A9 7D 0 ce 730 OVQ ORBS$L_SYS_PROT(R9) ,-(SP) : Original system & owner protection 
04 0B A9 00 €1 02C6 731 BBC #ORBSU_PROT_16,0RB$B_FLAGS(R9),15$ ; Xfer if full vector 
01 AE O01 BE 8 3 4 ¢ MNEGB #1,1(SP) ; Else deny group & world access 
0 44 f : ; Perform the access mode protection check. 
53. 6A 00 6 See § 15$: MOVL CHPCTLSL_ACCESS(R10) ,R3 ; set up input parameters 
54° 08 AA 9A O2dD2 7 MOVZBL CHPCTL$B~MODE (R10) ,R4 
55 10 A9 9A 0206 738 MOVZBL ORB$B_MOBE(R9) RS : assume simple mode protection 
04 OB AI 0¢ gl O2DA 739 BBC #ORBST_MODE vECTOR ORB$B_FLAGS(R9) , 208 3; xfer if correct 
55 10 A O2DF 740 MOVAB ORB$Q MODE PROT(R9S ,RS : else set address of vector 
O3E9 30 O2E3 741 20S: BSBW ERESCRECKACHODE 3; do the actual check 
5c 50—s iE 8 3 rg BLBC RO,45$ ; xfer if access was denied 
O2E9 744 ; Next comes the non-discretionary protection check, if enabled (via a 
8 34 oe? ; SYSGEN flag), and if it is called for. 
22 00000000' 9F 00° €1 O2E9 rs BBC S*#EXESV_CLASS PROT, @#EXESGL_DYNAMIC_FLAGS,30$ ; xfer if not enable 
1D 0B Ad = «04 4 Fl 748 WORBSV_CCASS_PROT,ORBS$B_FLAGS(R9), 308 ; xfer if not present 
52. 68 3 43 749 MOVAB $Q_ PRivi( R ; else set up input parameters 
53° 04 AA OD F9 750 MOVL  CHPCTCSL_FLAGS(R10) .R3 
54 18 “ 9E FD 86751 MOVAB RBSR_CLASS(R8) ,R4 
55 30 a9 9E o1 138 MOVAB ORBSR-MIN_CLASS(R9) .RS 
56 4409 Q9 2 ae MOVAB ORBSR MAX CLASS(R9) ,R6 
O3FC 3 09 754 BSBW EXESCRECKCLASS 3; do the check 
24 BB 51 C8 O30 755 BISL2 BA BRUPRET L_PRIVS_USED(R11) 3; note any privileges used 
32 50 +€ : f 6 258: BLBC RO.45$ ; xfer if access denied 
1 ? 8 3 if there is any ACL, check it now. This ney be in one of two forms: 
1 759 ; 1) am ACL queue segment Listhead or 2) a ACL segment descriptor vector 
: £60 : and an associated count (of the number of descriptors). 
7 SA 7D 1 166 30$: MOva R10 mt 3: save CHPCTL and CHPRET 
5 6A 00 18 76 MOVL CHPCTLSL_ACCESS(R10),R3 : set up CHECKACL input parameters 
54 20 AB 9 1 764 MOVAB poses RIGHTSLIST(R8) ,R4 
26 0B a9 «(01sCé€E 1 165 BBC #ORBSV_ACL_QUEUE ,ORB$B_FLAGS(R9),50$ =; xfer if not a queue 
rey ; Handle the ACL segment queue here. 
SA 28 Ad 9 789 MOVAB ORBSL_ACLFL(R9),R10 : set address of queue head 
6A o5 7? TSTL tte : Is queue head valid? 
40 1 771 BEQL 70$ ; Xfer if not, nothing to check 
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B SA OD A 77 MOVL R10,R11 ; Else copy address for late 
sh A D 775 408: MOVL (RIO) R10 ; get address of next Segment 
B 5A : 04 CMPL R10.R41 ; end of the Line? 
5 BEQL 7 ; xfer if so 
ae ae CLAL R ; else preset segment size 
55 08 AA . & 77 SUBW3 #ACLSC_LENGTH, ACL$W_SIZE(R10),R5 3; set segment size 
56 OC AA 9 ore MOVAB age L_CIST(R16) ,R6 ; set address of ACEs 
> r a BRB 6 3; go do the ACL check 
4 781 ; If an invalid ACL has been seen, clear the local ACL_PRESENT flag so that 
r 4 § ; it is not checked for an AUDIT or ALARM ACE. 
yy OCU 8 ? f : 44$: BICL2 #CHKPRO_M_ACL_PRESENT,R7 ; Forget any ACL present 
0 r 4 § ; Intermediate branch for BYPASS checking. 
0088 = =s«é51 43 788 45$: BRW BYPASS_CHECK ; Go check for BYPASS priv 
0 if 736 ; Handle the descriptor vector here. 
5A 28 AY 00 034 P36 50$: MOVL ORBSL_ACL_COUNT(R9) ,R10 ; get the number of descriptors 
1¢ 613) «034C)0—s 79 BEQL 70$ ; xfer if no ACL supplied 
5B 2C Ad a4 bee 794 MOVL ORBSL AGL DESCIRDD A1t ; get address of descriptor list 
55 88 DO : ag, 60$: MOva (R11)F,R ; get a descriptor 
0355 a4 3 Now check the ACL segment described by R5 & R6. 
57 Q1 gs 0355 799 65$: BISL2 #CHKPRO_M_ACL_PRESENT,R7 ; note an ACL present 
17D 0 0358 800 BSBW EXESCHECKACL i search this segment 
0908 8F 50 861 B32 01 CMPW RO, #SS$_NOENTRY 3 was anything found? 
po 1 $0 8 BNEQ ; xfer if so...go deal with it 
C6 OB AI 1 E 8 6 0 BBS #ORBSV_ACL_QUEUE ,ORBSB_FLAGS(R9) ,40$ ; if a queue, go get next 
8 5A fF 36 804 SOBGTR R10,6 ; else continue with next segment 
SA 3s 7D tee 805 70$: MOVQ (SP5+,R10 3 restore saved registers 
11 t944 ang BRB 110$ 3 go try next chec 
re 4 3; If the ACL segment is invalid, go check for BYPASS. 
21€4 BF 50 ~=««B1 $i 10 80$: CMPW RO,#SS$_IVACL 3; Valid ACL? 
cc «(13 r 1 BEaL = 448 : Xfer if not 
oe 18 ; An entry was found in the ACL. It may grant or deny access. 
5A of 7D 4 15 mMOVa (S$P)+,R10 3; restore saved registers 
56 dO 7 1g MOVL RO,R ; Save current status 
7¢ 81 ASSUME CHPRETSW_MATCHED_ACELEN EQ CHPRETSL_MATCHED_ACE~4 
52. (18 7 7¢ H MOVQ HPRETSW_MATCHED_ACELEN(R11),R2 ; get the return descriptor 
1 1 8 1 BEQL 00$ ; xfer if no need to return 
54 61 QA 0 MOVZBL ACESB Size Cat) R4 3; else get size of the ACE 
55°20 BD 1 MOVL HPRETSL_MATCHED_ACERET(R11),R5 ; note where Length is returned 
9 1 9 § BEQL 0s ; xfer if not returning Length 
65 4 00 B MOVL R4,(R5) ; else save ACE Length 
63 52 00 9} 8 2 af 4 308: MOVCS R4,(R1),#0,R2,(R3) ; copy matching ACE 
D 5 100$: MOVL Bs ; Restore saved status 
36 5 E af 3 BLBS RO,BYPASS_CHECK ; done if access granted 
9A 8 ; Processing of the protection mask depends upon what happened with the ACL 
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9A 9 ; processing. Matching an ACE overrides group nd world access. If no 
9A 0 ; protection mask was Supplied (coded as an ORBSL_OWNER equal to zero), 
. 1 ; access is granted if there was no ACL, and deniéd if there was one. 
55 5E 0 9A : MOVL SP,R5 ; Set modified prot mask addr 
50 34 C 039D 4 MOVZWL #S$$_NOPRIV,RO : Failure if no prot mask 
—E 11 a 5 BRB 120$ 3; go do SOGW check 
A 3 ASSUME ORBSL_SYS_PROT EQ ORBSW_PROT 
55 18 Ad 9E A 8 110$: MOVAB ORBSL_SYS_PROT(R9),R ; Set protection mask address 
39 4 3X A MOVZWL #SS$_ROPRIV,RO ; Failure if no prot mask & ACL pres 
03 2 0 60 A 40 BBS #CHKPRO_V_ACL_PRESENT,R7,120$ : Xfer if no ACL present 
0 1 ¢ . ] MOVZWL #SS$_NORMAL ,RO ; Else success if no prot mask & no 
3 set up above. 
Hy 1 os wet ww w 
2g 68 9 B 45 120$: MOVAB ARB$Q_PRIV(R8),R2 ; Set up input parameters 
53 6A SCO=0s«O038 46 MOVL CHPCTCSL_ACCESS(R10) ,R3 : Get the desired access 
54 20 A8 9 8 B6 4 MOVAB ARB =RIGHTOL IST CRG) RG ; Set rights List descr addr 
56 69 OD 3BA 6848 L ORBSL_OWNER(R9) ,R6 3 was there an owner? 
11 1 038D 849 BEQL BYPASS_CHECK : xfer if not, no SOGW check 
05 OB A9 98 5 tra $29 BBS #ORBSV_PROT 16, 0RB$B_FLAGS(R9) ,130$ 3; else check for full vector 
027 C4 51 BSBW EXESCHECKPROT 3; do check with full vector 
03 11 03C7 Ha BRB 140$ : go finish this check 
0247 30 03C9 853 130$: B6SBW EXESCHECKPROT_16 3 do check with word value 
24 BB 51 C8 base See 140$: BISL2 R1,A@CHPRETSL_PRIVS_USED(R11) 3 note any privileges used 
0300 836 ; At this point, the status will be set according to the protection checks 
tt : ; applied. Now check for any overriding privileges. 
0300 B39 BYPASS_CHECK: 
Ss 6100=C 0 309 60 ADDL2 #16,SP : Clean off protection vector 
OE 50 3 3D 61 BLBS 3; xfer is successful 
52 68 E 0306 6 MOVAB ARBS$Q_PRIV(R8),R2 ; Else set up input parameters 
53° 04 AA o6 0309 6 MOVL CHPCTC$L_FLAGS(R10).R3 
O39F 0 03DD 64 BSBW EXESCHECR_BYPASS ; check for BYPASS or READALL 
24 BB 51 C8 Beep o? BISL2 R1,a@CHPRETSL_PRIVS_USED(R11) 3; note any privileges used 
baer % ; Return any security audit or alarm names from the ACL segments supplied. 
O3E4 6 ASSUME CHPRETSW_AUDITLEN EQ CHPRETSL_AUDIT=4 
Bees 0 ASSUME CHPRETSL_AUDITRET EQ CHPRETSL_AUDIT+4 
O3E4 871 ASSUME CHPRETSW-ALARMLEN EQ CHPRETSL_~ALARM~4 
é? 4 ASSUME CHPRETSL_ALARMRET EQ CHPRETSL_ALARM+4 
2$ 50 00 E4 74 10$: MOVL RO,R6 ; save the final status 
22 5 00 ft E7 75 BBC #CHKPRO_V_ACL_PRESENT,R7 RETURN_STATUS : if no ACL, go finish up 
54 «6B EB 18 MOVAB CHPRET$Q_AUDITLEN(R115 ,R4 3; set descriptor address 
64 «OB E 7 TSTW (R4) ; want audit journal name? 
38 1 F 4 BEQL 20$ 3; xfer if not, try alarm journal 
53 D F 7 MOVL #ACESC_AUDIT,R3 ; else set the ACE type to get 
40 1 F 6 BSBB Ss EXE SGET_AUDIT : 90 get the journal name, if one 
10 50 3 F BLBC RO ; xfer if any errors 
54 OC AB fh § 208: MOVAB CHPRETSW_ALARMLEN(R11),R4 ; set descriptor address 
4 ° F TSTW (R4) 3 want alarm journal name? 
8 28 4 BEQL 30$ ; xfer if not, we're done 
53 6 OD 4 5 MOVL #ACESC_ALARM,R3 ; else set the ACE type to get 
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1 4 BSBB EXESGET Ave IT 3: go get the journal name, if one 
03 30 cB 4 3 $ BLBS Re. RETURNS TATUS ; 4 if no . owe 
56 D : : 3 30$: MOVL 3; Else change coved status 
r ay ; Done at last!! Release ACL mutex, if necessary, and do the final cleanup. 
40D $3 RETURN_STATUS: 
14 0B A9 2 E1 04 9 BBC arscns (7 onBEUE ORBSB_FLAGS(R9), vie 3; Xfer if not a queue 
54 09900090 0’ 4 0 41 94 OVL @#SCHSGL_CORPCB,R4 3 e get current PCB address 
: 41 95 MOVAB ORB ACC CO TERtR 9) ,RO ; ce mutex address 
000000 $: oF 1 £38 38 JSB OF SCHSUNLOCK 3 Unlock mutex 
4 9 ENBINT ; Restore IPL 
29 56 dO 04 3 4 10$ MOVL R6,RO : Restore the final status 
O¢ 01 €1 04 9 BBC #CHKPRO_V_ INTERNAL R7,30$ : xfer if system service ret 
0 37 2 €1 042d 900 BBC #CHKPRO-V HPRET R?, 208 ; xfer if no cleanup of CHPRET block 
E C CO 0431 901 ADDL2 ACHPRETSC” LENGTH ar lse remove the local CHPRET 
OFFE BF BA 0434 9 ; 208: POPR #*McR TR3,R4, RS -R6,R7,R8,R9, rio. R11> ; restore work regs 
05 ? g 4 ? RSB : return to caller 
5B BE D0 0439 905 30$: MOVL (SP)+,R11 ; Restore local storage block addres 
ett 208 RETURN_P1 BLOCK: 
QO000000'EF 68 OE Be ¢ 90 INSQUE (R11),CTLSGL_KRPFL ; Return block to lookaside List 
; return for system service entry 
04 044 908 RET t f t i t 
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FUNCTIONAL DESCRIPTION: 


This routine sgerches the access control Lists in the item 
List for security audit or alarm entries of the specified 


DOODSOSOOSOOOOOCOSOOOCO Ma 
Fe et et et et et et et et ee ee et, ee 
Pa? at et et et et et et et et et et ee 
PPP LPLL PPL LESSEE YO 


0 
T 
} 
1 
12 ; 
13 ; 
14; 
1? 3 
19 : 
13 : type. 
0 : CALLING SEQUENCE: 
: JSB EXESGETAUDIT 
3 : INPUT PARAMETERS: 
4; TYPE (R3): ACE type code of audit or alarm to find 
925 ; STATUS (R6): status of the protection check 
444 9 § ; ORB (R9): address of the object's rights block 
rer 4 3 CHPCTL (R10): address of the protection check control block 
iis ; : : IMPLICIT INPUTS: 
444 931: 
444 9 § ; OUTPUT PARAMETERS: 
772 4 ? : ITEM (R4): address of item descriptor to which to write 
0444 ; : IMPLICIT OUTPUTS: 
3 none 
444 937; 
Beas 938 ; ROUTINE VALUE: 
444 939; SS$_NORMAL if ACL ok - audit found or not 
444 940; SS$"IVACL if invalid 
444 80) 3 
444 4g 3; SIDE EFFECTS: 
444 943; NONE 
444 944; 
tee oF 
444 94 
444 2e8 EXESGET_AUDIT: 
O1FC BF BB 0444 94 PUSHR #*M<R2,R3,R4,R5,R6,R7,R8> 3 save work registers 
D4 0448 229 CLRL 3 gyert with the first ACE 
1C OB AD «6(O1-sé#éz+ rie 32 BBC #WORBSV_ACL_QUEUE ,ORBSB_FLAGS(R9) ,20$ : xfer if not a queue 
re 938 3; Handle the ACL segment queue here. 
57 28 a9 446 955 MOVAB COCR, ACLPL CRD) .R? ; else set address of queue head 
28 |) an 453 228 MOVL R7,R 3; copy address for later 
oe. $28 957 10$: MOVL (R?) ,R7 ; get address of next segment 
5857 D4 4 998 CMPL =—soaR7_ RO : end of the Line? 
F 13 045¢ 95 BEQL 308 : xfer if so 
5 D& 04 9 CLRL R 3 else preset segment size 
55 98 A? 0 AS 04 b SUBW3 #ACLSC_LENGTH,ACLSW_SIZE(R7),R5 ; set segment size 
6 OCA H 4 : MOVAB Ace L_CIST(R7S RE > set address of ACEs 
1 r 9 bs BRB 4 ; go do the ACL check 
rte 5 ; Handle the descriptor vector here. 
4 966 
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57 28 a9 OD 468 7 208: MOVL PRESL ACL. COUNT (AD) AT i get the number of descriptors 
1 1 46F 8 BEQL 0 ; xfer if no ACL supplied 
58 2C A D 4 MOVL ORDSL AGL DESCIAD) .RE ; get address of descriptor List 
; 47 9 ips: MOVL (RB)+,R ; get a descriptor 
144 47 71 40$: BSBW EXES? [NDACL 3 gcate the specified type 
1 8 E 47 ie BLBS RO,60 ; xfer if in this one 
09D8 8F 8 47 7 CMPW RO, #SS$_NOENTRY 3; check for normal termination 
LE 12 04 74 BNEQ 1168 : exit if error 
CC 0B A9 eo. 4 75 BBS SOR GRY ACL QUEUE .ORBSB_FLAGS(R) 1 $ :; if a queue, go get next 
€8 57 OF 48A 4 SOBGTR R $ 3; else continue with next segment 
A 13 4 D , 50S: RB 95$ : Go finish up 
48F 8 ; An ACE has been found of the desired type. Check to see if the success/failure 
: ; aay ; status matches, and also that the access matches. 
28 61 9A O48F 386 60$: MOVZBL ACES$B_SIZE(R1),R0 : get ACE size 
0 5 C2 rt g SUBL #ACEST_AUDI TNAME ,RO ; Compute audit name Length 
01 D1 049 984 CMPL 8 #) 3; check for minimum size 
4 19 Beep 4 5 BLSS 106$ ; must have at least 1 byte of name 
049A 9 2 3; The following instruction depends on the (number and order of) registers 
Been 3 : ; saved upon entering EXESGET_AUDIT. 
07 10 AE E9 beer 44 BLBC 16(SP),70$ :; xfer if final status is failure 
B49 838 : Verify that the success/failure status of the protection check matches the 
ReOe Ser ; flags in the ACE. 
OE 02 Al 00 €0 oie 995 BBS #ACESV_SUCCESS ,ACESW_FLAGS(R1) ,80$ ; Xfer if success matches 
05 11 Rea 44) BRB 75$ ; Else go check next segment 
07 02 Al 01 EO 04A5 997 70S: BBS #ACESV_FAILURE ,ACESW_FLAGS(R1) ,80$ ; Xfer if failure matches 
A7 0B ADs O01 EO O4AA 44 75$: BBS #ORBSV~ACL_QUEUE , ORBSB_FLAGS(R9) ,10$ ; Else xfer if a queue 
BA 11 ry 1908 BRB 208 ; Else must be descr List 
ta ! a ; Now verify that the requested access is in fact enabled in the ACE. 
04 Al 6A 0 481 1 08 80$: BITL CHPCTL$L_ACCESS(R10) ,ACESL_ACCESS(R1) for desired access? 
sy 485 1004 BEQL 40$ > xfer if not, try another ACE 
2¢ HT 7D 0487 1005 MOVQ (R4)+,R 3 get descriptor 
5 4 00 4BA 1 8 MOVL (R4)+,R 3 get return length address 
2 1 48D 100 BEQL 90$ ; xfer if return Length not needed 
65 Be 4BF 1 3 MOVW RO, (RS) ; else save it 
65 $2 08 O8al 3 C 433 1 308: MOVCS RO,ACE$T_AUDITNAME(R1),#0,R2,(R35 ; copy the journal name 
50 01 06 cy 10 95$: mOVL ; NORMAL ,RO ; set tu cess return 
3; go u 
4CE 101 
50 glee 8F 3C 4C 1 i 1908: MOVZWL #SS$ ivagl RO ; invalid ACL = set error 
1FC BF BA 4D 1 110$: POPR #°M<R2,R3,R4,R5,R6,R7,RB> > save work registers 
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rt } Vy ~SBTTL EXESCHECKACL = CHECK FOR AN ACE IN AN ACL 
408 1 i§ p++ 
408 1020; 
re ! 1 ; FUNCTIONAL DESCRIPTION: 
408 1 : : This routine searches the specified access control List for an entry 
408 1024; that matches the specified rights list. If an entry is found, it 
Rep ! Ss checks whether the entry grants the requested rights. 
408 1 5 3; CALLING SEQUENCE: 
rt ! 8 : JSB EXESCHECKACL 
Rep 1030 ; INPUT PARAMETERS: 
408 1031 ; ACCESS (R3): bitmask of access requested 
Rep 10 § 3 RIGHTSDESC (R4): address of rights list descriptors 
4D 13 3 ACL_LENGTH (R5): Length of ACL segment 
Bee ! : : ACL (R6): address of ACL segment 
0408 18 6 ; IMPLICIT INPUTS: 
0408 1037 ; NONE 
0408 1938 3 
04D8 1039 ; OUTPUT PARAMETERS: 
0408 1040 ; ACE (R1): address of ACL entry matched 
0408 1041 ; 
04D Hk ; IMPLICIT OUTPUTS: 
0408 1043 ; NONE 
04D 1044 ; 
0408 1045 ; ROUTINE VALUE: 
0408 1046 ; SSS_NORMAL if matching ACE found and access is granted 
0408 1047 ; $_NOPRIV if matching ACE found and access is denied 
Bede 1048 ; SS$S_NOENTRY if no matching ACE is found 
408 1049 ; SSS_IVACL if the ACL structure is invalid 
0408 1050; 
0408 1051 ; SIDE EFFECTS: 
0408 1926 3 NONE 
0408 1053; 
0408 1328 3;-= 
ont 1055 
408 1328 ENABLE LSB 
408 105 
4D 1938 EXESCHECKACL:: 
O3E4 8F 408 1059 PUSHR #*M<R2,R5,R6,R7,R8,R9> ; save work regs 
ey 26 i) 40C 1999 MOVL R6,R9 3; set address of the first ACE 
§ C 4DF 1061 ADDL2 R RG :; cale end of the ACL segment | 
5 59 o0 rtd} 1906 10$: MOVL R9,R i position to next ACE 
56 ef D1 O4E5 106 CMPL R7,R6 ; more to go in this segment? 
9 1€ Q46EB 1064 BGEQU§ § ; xfer if not 
50 7 QA Q4EA 1065 MOVZBL ACESB_SIZE(R7),RO ; get the size of the current ACE 
4 13 Q4ED 1 66 BEQL 50$ :; xfer if at the end of the segment 
04 0 D1 O4EF 106 CMPL RO, #4 3; check minimum ACE size 
48 1F O4F2 1 OB BLSS 4 ; too small - error 
59 ©6457 0 Cl QO6F4 1 : ADDL + fs Gag ; cale the end of the current ACE 
56 9 D1 QO4F8 1070 CMPL R9,R6 ; beyond the end of the ACL segment? 
F 1A O4FB 1071 BGTRU 40$ i tier if so, note error 
E0 Oe A7 § 50 of8 1 i BBS #ACESV Der ALT ACE ay FLAGS(R7),10$ ; ignore default ACEs 
O1A 502 107 CMPB = =s_- ACESB_TYPE(R7) ,MACESC_KEYID ; else right type of ACE? 


intaraiictn lancet i geaegeassinpcepsieamndnadniincs dias ; 
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DA 12 BNEQ 10$ ; xfer if not, go try the next ACE 


ASSUME ACESV_RESERVED EQ 0 


50 4 CLRL RO re-clear nia order part 
50 a F FO 7 Bicee er) bee abs atte acegut SFLAGS(R?) RO R ahd of reserved area 
al start of actua 
98 ) CMPL ns He : sheet for non-null identifier list 
te BGEQU 40$ : branch if null = bad ACE 

52 D 208: MOVL (R8)+,R2 ; get an identifier from the ACE 

B 8 BSBB EXESSEARCH_RIGHT ; see if the grit) oad is present 
co E BLBC Rp. 9° : xfer if it is 

59 D1 CMPL R8B,RO ; at the end of che ACE? 

FSF BLSsu 208 : loop if not 


; At this point an ACE has been found whose identifiers are contained in the 
; rights Lists. Check for the desired access. 


24 $0$:  MOVL. _-#SS$_NOPRIV,RO ; preset status 
52 53 O4 A? CB BICL3 acesc ACCESS(R7), R3,R2 ; check for access 
03 12 BNEQ CHKACC_RETURN ; xfer if denied 
50 01 00 MOVL #SS$_NORMAL ,RO : else note successful 
CHKACL_RETURN: 
51 57 v0 MOVL R7,R1 3 return matched ACE 
O3E4 8F ‘ 8% #*M<R2,R5,R6,R7,R8,R9> |; restore work regs 
: The ACL or an ACE within the ACL has been found to be invalid. Note the 
; error for the caller. 
50 2164 BF 3¢ 40$:  MOVZWL #SS$_IVACL,RO : else set error 
Fl 11 BRB CHKACL_RETURN 3 go finish up 
: The ACL does not contain the specified ACE. Note this condition. 
50 0908 8F 3C Sos: MOVZUL #SS$_NOENTRY,RO ; set error status 
EA 11 BRB CHKACL_RETURN 3 go finish up 
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~SBTTL EXESSEARCH_RIGHT = SEARCH RIGHTS DESCRIPTOR FOR AN IDENTIFIER 
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FUNCTIONAL DESCRIPTION: 


identifier. 


CALLING SEQUENCE: 
JSB EXESSEARCH_RIGHT 


INPUT PARAMETERS: 
IDENTIFIER 
RIGHTSDESC 

IMPLICIT INPUTS: 
NONE 


(R2): 
(R4): 


: OUTPUT PARAMETERS: 
RESS 
DESC_ADDRESS 
: IMPLICIT OUTPUTS: 
NONE 


(R1): 
(R5): 
ROUTINE VALUE: 

SS$_NORMAL if ID was foun 


SIDE EFFECTS: 
NONE 
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ASSUME C_FORMAT EQ 0 
MAT 
ASSUME 
EXESSEARCH_RIGHT:: 
PUSHL 
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: Form a wildcard mask based upon the UIC 
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This routine searches the specified rights segment for the given 
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identifier being sought 
address of the rights segment descriptors 


address of the ID quadword if found — 
address of the rights segment containing the ID 


d 
SS$-NOSUCHID if the ID was not found 


; save work registers 


; see if match-all specified 
; branch if 
> set test mask to all ones 
; search pattern is zero 
; and execute match code 


not 


xfer if invalid identifier format 


; preset UIC mask 


check for a UIC type identifier 
xfer if not a UIC 


entry in the ACE. 
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SYSCHKPRO - CENTRAL PROTECTION CHECK ALGORITH 
v04-000 EXESSEARCH_RIGHT = SEARCH RIGHTS DESCRIP SEP=1 SYS.SRCISYSCHKPRO.MAR; 1 
QOOOSFFF BF 52 O& 10 + €ED ° 112) CMPZV inte ciaolatiaits ctuag his | rors yn ate 
; wildcard grou 
3 3 F 1158 BNEQ 10$ ; xfer if abt . 
5A D 1 1174 MOVL R2,R10 ; get the UIC with wild group 
A B4 74 #1175 CLRW 3 z9p the member for now 
FFFF 8F ¢ B1 76 1128 10$: CMPW Re #UICSK_WILD_MEMBER ; wildcard member? 
12 0578 117 BNEQ 208 : xfer if not 
24 4 AE 0570 1128 MNEGW #1 Rig 3 else note it 
2 A CA 2 a4 208: BICL R16,R 3 mask out unneeded portions 
5 1181 ; At this point an identifier exists in R2. Now scan the rights List segments 
: 1 § 3; to see if it exists within the rights Lists. 
55 BS 09 5 1184 $0$: MOVL (R4)+,R5 3; else get address of a descriptor 
— -% 5 $ 1185 BEQL ; xfer if at the end...1D not found 
53 65 ; 5 11 § MOVZWL (R5),R3 ; else get size of descriptor 
53 53 FD BF 0588 11 ASHL  —- #=3,,R3,R3 : get number of entries 
ite 11 : BEQL 30$ ; xfer if none to check 
51 04 A5 00 0592 11 MOVL 4(R5),R1 i get starting address 
50 61 DO 0596 1190 40$:  MOVL (R1),RO : get the identifier 
ge 1 Beep 1191 BEQL 30$ ; xfer if no more 
50 A CA 0598 1138 BICL R10,R0 ; mask out any unneeded portions 
50 52 D1 OQOS9E 119 CMPL Re RO ; ACE & rights List identifier match? 
OF 13 O5A1 119% Beat =: 608 : xfer if so, next identifier please 
51 98 co Bea? 1195 ADDL #ARBSS_RIGHTSDESC,R1 ; point to next identifier 
ED 5 F5 5A6 1196 SOBGTR R3,40$ F 9° a t 
d8ssiéd1zdt B2Ae 1138 30$ 3; if exhausted, try next rights List 
50 21EC BF 3C B2A8 1199 50$: MOVZWL #SS$_NOSUCHID,RO ; set status 
os B28 ! 8 BRB 70$ ; go finish up 
50 01 00 0382 1 8 60$: MOVL #SS$_NORMAL ,RO ; set status : 
53 BE dO 0585 1203 70$: MOVL (SP)#,R3 3 restore work registers 
54 8E dO 5B8 1204 MOVL (SP)+,R4 
SA 8E DO 0588 1205 MOVL (SP)+,R10 
05 O5BE 1206 RSB : return to caller 
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v04-000 EXESFINDACL = SEARCH FOR A PARTICULAR AC -SEP-1984 t 8h 249: :3¢ Yeys. SRCISYSCHKPRO.MAR; 1 ° (98) 
ot } 8 ~SBTTL EXESFINDACL = SEARCH FOR A PARTICULAR ACE IN THE ACL 
BF 1 19 pe+ 
BF 1211; 
rf ! \¢ ; FUNCTIONAL DESCRIPTION: 
SBF 1214 ; This ag oy | searches the specified ACL segment for an entry 
HH : 1? : of the specified type. 
pee 1 i 3; CALLING SEQUENCE: 
SBF 1 8 $ JSB EXESFINDACL 
peer 1219 ; 
SBF 1220 ; INPUT PARAMETERS: 
OSBF 1221; (R3): type code of ACE to find 
QOSBF 1 ¢ 3 ACL_LENGTH (R5): Length of ACL segment 
QOSBF 1 3 A (R6): address of ACL segmen 
B2eF ! : 3 PREV_ACE (R1): address of speviensis found ACE 
O36r 1 § : IMPLICIT INPUTS: 
SBF 1 3 NONE 
OSBF 1228 ; 
OSBF 1229 ; OUTPUT PARAMETERS: 
b2eF ! ? : ACE (R1): address of found entry 
OSBF 1 § 3; IMPLICIT OUTPUTS: 
SBF 1 : NONE 
SBF 1234; 
SBF 1235 ; ROUTINE VALUE: 
OSBF 1 § ; SS$_NORMAL if entry found 
OSBF 1 : SS$"NOENTRY if entry not found 
beer : 8 3 SS$-IVACL if ACL format is invalid 
OSBF 1240 ; SIDE EFFECTS: 
OSBF 1241 ; NONE 
OSBF 1 { ; 
OSBF 1243 ;-- 
OSBF 1244 
OSBF 1245 EXESFINDACL:: 
58 DD OSBF 1 rf PUSHL R8 3; save work regs 
57 DD B36 124 PUSH R7 
 — ae: was ets 1248 ADDL R5,R6,R7 ; calc the end of the ACL segment 
51 oe 5C7? 1249 TSTL R1 3 any previous entry? 
OA 1 5¢9 1250 BEQL 10$ 3; branch not 
50 1 9A eee 1251 MOVZBL Gn 98 SIZE CRT) AO ; else get size of ACE 
13 Ce 1 : BEQL = 4 : xfer if at the end of the segment 
51 C 500 1 é ADOL 8 R1 : else point to the next one | 
03 1 3 4 BRB $ 
51 26 DO 0505 1 $ 198: MOVL R6,R1 3; set up for the first ACE 
57 1 o1 23 1 20$: CMPL R1.R7 ; at the end of the ACL? 
25.—osd1E DB 1 8 BGEQU 40 ; xfer if so done for the moment 
50 61 9A O5DD 1 MOVZBL ACESB_SIZE(R1),RO ; else get size of | 
8 13 €O 1 $ BEQL 4 ; Xfer oy th the afte 7. the segment 
04 e E2 1261 CMPL #4 : check ff. 
14 F €5 1 86 ity 3; too small - a. 
58 1 28 C1 iy ADDL RO,R1,R8 : and point to the next one 
7 D1 EB 1264 CMPL R8,R7 ; check end of ACE against ACL 


] 
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v04-000 EXESFINDACL = SEARCH FOR A PARTICULAR AC 5=-SEP-1984 03:49: SYS.SRCISYSCHKPRO.MAR; 1 (12) 
0B 1A 43 1265 BGTRU 30$ ; xfer if out of range 
53 O1Al 91 FO 1 96 CMP A -\guetiheloanedatne ; found desired type? 
43 i FL 126 BEQL 5 ; xfer if so, time to go 
_: 2 Dd Fg 1 °8 MOVL RB RI 3; advance to next ACE 
DD 11 0569 186 BRB 208 : go test for the end 
50 2164 BF 3C FB 49 30$: MOVZWL G5S5_IVACL RO ; else set error status 
OA 11 : ; 6 BRB 60$ : go finish up 
50 0908 8F 3C 06 1274 40$: MOVZWL 1 atari 3 no entry found 
03 11 06 4 ! .? BRB 60$ ; go finish up 
50 4 dO 4 9 1 58 50$: MOVL #SS$_NORMAL ,RO i entry found 
57 —E 00 O60C 1 4 60$: MOVL (SP)4,R7 ; restore work regs 
58 «BE 4 60F 127 MOVL (SP)+,R8 
05 0612 1280 RSB 
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~SBTTL EXESCHECKPROT_16 = DO STANDARD SOGW CHECK WITH WORD INPUT 


em 
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FUNCTIONAL DESCRIPTION: 


This routine pyrreree the standard ‘'system - owner - group r 
world’ protection check ys ing the information supplied. This 
routine differs from EXESCHKPROT in that it expects a pointer 
to a word protection mask input instead of a pointer to a 
longword array. 


CALLING SEQUENCE: 
JSB EXESCHECKPROT 


INPUT PARAMETERS: 
PRIV_MASK 


tt address of accessor privilege mask 

ACCESS (R3): bitmask of access requested 
RIGHTSDESC (R4): address of rights List descriptors 
PROTECTION (R5): address of the protection word to use 
OWNER (R6): owner UIC of object 

IMPLICIT INPUTS: 
NONE 


OUTPUT PARAMETERS: 
PRIVS_USED (R1): bitmask of privileges used to gain access 
IMPLICIT OUTPUTS: 
NONE 
ROUTINE VALUE: 
SS$_NORMAL: access is granted 
SS$_NOPRIV: access if denied 


SIDE EFFECTS: 
NONE 


EXESCHECKPROT_16:: 
PUSHL™ R10 


SD PNNS FMM DW O NUWWIWININN NNW ANNA AIA ANNA AAAI NAAN AAA AANA AANA AN AA ANNAN 


COOCCOOCOOCSOOSOSOSOOOOOOCOOSOSOOOOOOSOSOOO COCO OOOOOOOO OOOO OOOOSOOO 
a a a a a kk kd dd a es OO) 
AANA AA AAAAAA AIAN AANA AINA AAAI WIAA AI AI I Inononononononononononoponronrononnn = +O 
AWIAIAIAIAI AIA IPIPIPINININININID 9 3 3 OP MOOOCOOOOOCOCOOOOOOOOOOOMWMOdcpo Cc OCDCD I 
AIF ARO OD NAUNE WIN OOD NAME WIN OS OD NAN EWN OS OD NAN E WIN  O OO NOE 


DREXEL XA PAA AAD DDD. DDD DD DD DS DD DDD ODE PAPA AAA AA AAA AAA Oe 


5A 0dD $ R 3 Save work regs 
7 DD PUSHL R 
0D PUSHL R 
3 06D PUSHL R 
5 oD PUSHL R 
7E 65 O04 OC EF EXTZV #12,44,(R5) ,-(SP) 3 save the world protection bits 
E 10 (C8 BISL2 #ARMSM, CONTROL, (SP) ; control access denied 
7E 38665 4 9 EF er tey #884, -(SP) ; save the group protection bits 
66 C8 BISL2 #ARMSM_CONTROL, (SP) : control access denied 
7E 65 04 4 EF EXTZV #4,84,TR5),-(SP) ; save the owner protection bits 
7E 865 4 0 EF EXTZV #0,#4,(R5),-(SP) 3; save the system protection bits 
5 —E 00 MOVL e : save address of protection array 
E 1 cf MNEGL #1,-(SP) ; indicate entry type 
OA 1 BRB EXESCHECKPROT_CMN 3 go join common code 
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~SBTTL EXESCHECKPROT = DO STANDARD SOGW PROTECTION CHECK 


+ 
+ 


FUNCTIONAL DESCRIPTION: 


This routine performs the standard ‘system = owner - ree . | 
world’’ protection check using the information supplied. 


CALLING SEQUENCE: 
JSB EXESCHECKPROT 


INPUT PARAMETERS: 
RIV_MAS 


PRI K tt address of accessor privilege mask 
ACCESS (R3): bitmask of access requested 
RIGHTSDESC (R4): address of rights List descriptors 
PROTECTION (R5): address of protection mask 
OWNER (R6): owner UIC of object 

IMPLICIT INPUTS: 
NONE 


WANNA NIAAA AAAI AANA A.A AAA AINE 


DPAEDPED Gs SB EE PW 


PAN SO OD NA NE WIN OS OO NIA MEW O OD NAN EW O OOD NOAU EW OWONOAUE WOOO 


06 OUTPUT PARAMETERS: 
be PRIVS_USED (R1): bitmask of privileges used to gain access 
06 IMPLICIT OUTPUTS: 
NONE 
ROUTINE VALUE: 
SS$_NORMAL: access is granted 


SS$_NOPRIV: access if denied 
SIDE EFFECTS: 
NONE 


cc ce a ce ec ee ee ee ee ce ee a ee ee me a ee ce ce ce ce ee ee ee ee ee ed ed od 


06 36 
06 3 
bee 6 
06 6 
aa 
$3 7 
6 7 
6 7 
ca 
$3 75 EXESCHECKPROT:: 
5A DD 063 7 PUSHL R10 3 Save work regs 
58 OD 064 7 PUSHL R8 
57 DD 064 7 PUSHL R?7 
53 DD 064 7 PUSHL R3 
LRL - ; indicate entry type 
7E D4 re CLR (SP) indi 
64 EXESCHECKPROT_CMN: 
50 91 DO 064 MOVL #SS$_NORMAL ,RO 3; assume success 
1 D4& 064 CL R1 3 no privs used yet 
5A 64 00 064 MOVL (R4) R10 3; get address of first descriptor 
5A 04 BA 00 $ MOVL a4(R10),R10 ; get the UIC from first descriptor 
83 ; Check for owner access first since it will be the most common 
56 SA D1 06 CMPL R10,R6 3; UICS match? 
09 is 6 9 BNEQ 10$ ; xfer if not, on to the next test 
57 044A D 6 9 MCOML 4(R5),R7 : get eqcess bits 
53 ; CA ; 9 BICL R7,R3 3; See i access allowed 
6 13 066 9 BEQL ©: 508 : xfer if it is 


7 
SYSCHKPRO = CENTRAL PROTECTION CHECK ALGORITHM 16-SEP-1984 747: AX/VMS M 4e- SY! 
v02=000 EXESCHECKPROT © DO STANDARD SogW PROTECT 'SeSepatone Doicgssy PENEMeS Macro VOerOO a. Page 30, vo 
1395 ; 
! $ : Try world access next. 
57 OC AS d2 1 10S: MCOML 12(R5),R7 ; get access bits 
53 3 CA 06 1 39 BICL 3 RR 5 See if access allowed 
4p. 13 6 A 1% 0 50$ : xfer if so 
é : 12 § : Since world access failed, try group access next 
SA SA CFO BF OC 1404 ° ROTL  #-16,R10,R10 ; get acc i 
8 88 OO BE OO beat debs ROTL #-16,R6,R8 S ics sneer ares kt es ae 
set Hh Bite ies Ghee ig Biky4 ps2 pete 
; xfer not ama 
5A C000 BF 8B 678 1088 BITW #*xC000,R10 3 check if UIC ferach accessor 
1A] obs 14 BNEQ gos ; branch if not = no group 
57 08 AS OD 6 1410 MCOML (R5) ,R7 3 get access bits 
53 57 CA 0686 1411 ICL R7,R3 3; see if access allowed 
2 «13 06 9 141g BEQL 508 : xfer if allowed 
pone 1213 3 Try for group access via the system protection field and GRPPRV 
0D 62 22 €1 0688 1416 ° BBC #PRVSV_GRPPRV,(R2),20$ ; branch if no GRPPRV 
4 $2 D2 068F 1419 MCOML (R5),R7 3 get access bits 
53 7 «CA Beng 1418 BICL R7_RS 3; see if access allowed 
iF fF 0695 1419 BNEQ 40$ : xfer if not allowed 
51 10 CB 0697 1420 BISL #CHPSM_GRPPRV,R1 ; else note GRPPRV used 
1D 11 Bean 1? 1 ; BRB 50$ ; go finish up 
oe3e 14 5 ; Finally check the system protection field 
09 62 1C £0 069C 1425 208: BBS #PRVSV_SYSPRV,(R2),30$ ; branch if no SYSPRV 
00000000 ' 9F an H pon 1 § a R10, a#EXESGL_SysuIC 3 system group? 
: t 
57 65 D2 06A9 1498 308:  MCOML (R5).R7 S get access bits 
53 57) «SC CA_—«(O6AC C1429 BICL R7,R3 : see if access allowed 
05 12 O6AF 1430 BNEQ 408 : xfer if not allowed 
51 01 C8 0681 1431 BISL #CHPSM_SYSPRV,R1 ; else note SYSPRV used 
03 =i se94 \ § ; BRB 50$ 3; go finish up 
bene 1? : : Note that no access was allowed 
24 0686 14 6 Los: MOVL § #SS$_NOPRIV,RO 
689 14 7 i Finally, clean up the stack. 
689 1440 50s: BLBC (SP)+,60$ ; branch if normal entry 
6BC 1441 ADDL2 #16,SP ; else clean up protection array 
6BF 1206 MOVL (SP§+,R 3; restore one reg 
oce 1445 608: MOVL (SP)+,R 3 restore remaining work regs 
6C 1444 MOVL (SP)+,R 
6C8 1445 MOVL (SP)+,R8 
6CB 1658 MOVL (SP)+,R10 
6CE 144 RSB 3 and return 
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~SBTTL EXESCHECKACMODE = DO ACCESS MODE PROTECTION CHECK 


SYSCHKPRO = CENTRAL PROTECTIO 
v04-000 


N CHE 
EXESCHECKACMODE = DO ACC 


aa 
om 


FUNCTIONAL DESCRIPTION: 


This routine performs the access mode protection check. The 
accessor access mode must be less than or equal to the access 

mode. for the per-access mode protection check, this must be 
frue ror case field in the access mode vector for which access 
s intended. 


; CALLING SEQUENCE: 
JSB EXESCHECKACMODE 


; INPUT PARAMETERS: 

(R3): bitmask of intended access 
ACCESS MODE (R4): access mode of accessor 
MODE _PROT (R5): access mode protection vector 


; IMPLICIT INPUTS: 
NONE 
OUTPUT PARAMETERS: 
NONE 
IMPLICIT OUTPUTS: 
NONE 


ROUTINE VALUE: 
SS$_NORMAL: access granted 
SS$_NOPRIV: access denied 


SIDE EFFECTS: 
NONE 


Bete Ge Ge Ge Se Ge Ge Ge Ge Be Ge Ge Ge Ge Ge Ge Ge Ge Ge Ge Ge Ge Ge Ge Se Ge Se Ge Se Se Se Se Se Se 


SSSSCCCCCSOOSS SSO OOOO OOOO ERROR. 

DDD DDD DDD DDD ADAP AAA AA AAA AAA AAA AAA AAA AO 
POOAOOVOIOAIOAIOAAAOAOAAAOAAANAQAOOAOAOAAOOAOMOAOAOONOO 

Dk i i i i i Bi Ri De a a a a a De Be Be es es es es es es es es es Ds De Ds De De Be De Be De De 


ee _ ee eee ee ee eS SS } 
al altel ae ot ot ot ae et ee et et ee et ek ek ek ek ee eee eee eee 
CDOODCOCOC OOO OOOO WO OO W909 09 09 09 09 0 08 SINISE NSN OPP AA AA AAAA NIT 


DEAD 29 ODA NEU 9 OO NOAM EWN SO OD NAME WWI SO OD NAN EWI SFOOONOAOUNE 


C EXESCHECKACMODE:: 
59 OD C PUSHL R9 3; save work regs 
58 OD 6D PUSHL RB 
50 $2 DO 06D MOVL #SS$_NOPRIV,RO : assume failure 
04 5 D1 06D CMPL R545 ; value or vector? 
07 «1A 609 BGTRU 108 : xfer if a vector 
ey : Perform a simple access mode check. 
55 54 D1 06DB : CMPL =. R4 RS : else check for inner mode 
1E 18 6D BLEQU 308 : xfer if so 
a re; BRB 40$ ; else note failure 
6e : Perform the per-access mode check. 
9 DS O6E fos: CLRL RY : reset index 
28 20 9 C3 Q6E 20$: SUBL3 RR Bie R8 3; compute bits left to test 
59 9 fa 6E€8 FFS RO_R R3,R9 ; find next access bit set 
OF 3 06ED BEQL 30$ 3 no more bits found - done 
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Ck ALGORITHM Vg-SEB-198 
ESS MODE PROTECT 5-SEP-19 
ADDL3 R R9.RB 
CMPZV =- RB, #2, (RS) RS 
BLSSU 4 § 
AOBLSS #32,R9,20$ 
MOVL #SS$_NORMAL RO 
MOVL (SP)*,R8 
MOVL (SP)+,R9 
RSB 


4 
4 


03:29 


:36 AX/VMS Macro Vv04-00 
: SYS.SRCISYSCHKPRO.MAR; 1 


two bits at a time 

accessor mode more privileged? 
xfer if not 

move to next bit and loop 


; else set access allowed 
; restore work regs 


and return 


ron 
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v04-000 EXESCHECKCLASS = DO NON-DISCRETIONARY SE Verse eats ri 84:40:38 Yes. SRCISYSCHKPRO.MAR; 1 . day 
4 : 1g -SBTTL EXESCHECKCLASS = DO NON-DISCRETIONARY SECURITY CHECK 
7 1518 ;4+ 
7 1 18 ; 
4 ! ; FUNCTIONAL DESCRIPTION: 
7 1 : This routine performs the ngnediscrettonery security check, using 
f ! i 3 the spec fied” security and integrity levels and category masks. 
708 1525 : CALLING SEQUENCE: 
r ! § ; JSB EXESCHECKCLASS 
708 1 8 : INPUT PARAMETERS: 
7 1 3 PRIV_MASK HY address of accessor privilege mask 
7? 1530 ; ACCESS (R53): bitmask of access requested 
7 1531 ; bit "D => read 
7 1 § 3 bit 1 => write 
7 1 3 ACC_CLASS (R4): address of accessor's classification 
70 1 4; MIN_CLASS (R5): address of minimum classification of object 
4 1 5; MAX_CLASS (R6): address of maximum classification of object 
278 13 : IMPLICIT INPUTS: 
708 1539; 
O70 1540 ; OUTPUT PARAMETERS: 
A 130) ; PRIVS_USED (R1): bitmask of privileges used to gain access 
070 1348 : IMPLICLT QUTPUTS: 
708 1545 ; 
$36 1348 3; ROUTINE VALUE: 
708 1547; SS$_NORMAL if access granted 
70 1368 3 SS$"NOPRIV if access denied 
7 1330 > SIDE EFFECTS: 
0708 1551; NONE 
6) 1388 
708 1554 ° 
7 1555 EXESCHECKCLASS:: 
51 D4 4 ; 1238 CLRL R1 3 no privileges used yet 
4 | 38 | : Check for read access requested. 
70k 1560 ° ASSUME CHP SR READ EQ 1 
30 53 —«E9 , : ! e BLBC 3,108 
4 4 ! e§ : Check the security level using the simple securrity property. 
65 64 91 07 1565 *° cree fi $sB. SECUR_LEV(R4) ,CLS$B_SECUR_LEV(RS5) s access > min? 
69 1F 0710 1 96 BLS Sy 3 no, fail it 
50 04 A5 04 AG 8 4 : 2 BICL CLS$Q_SECUR_CAT(R4) ,CLS$Q_SECUR_CAT(R5) ,RO : Leu port oat 
50 08 AS 08 A4 8 71A «(1 8 BICL3 fi 3sa_ SECUR_CAT+#4(R4) ,CLS$Q_ secn =CATO4 (85) RO ;: high part OK? 
59 «CO 738 BNEQ xfer if high part checks out 
7 1 4 : Check the integrity level using the simple acti property. 


vi AX/VINS Macro. vO4-00 Page 34 
~SEP-1986 MAR; 1 (16) 
ROTECTION CHECK ALGORITHM 19-SEP- 5:38 Seas reece oa. , 
tact i EXESCHECKCLASS © DO NONDISCRETIONARY SE S-SEP=1986 O34 : 
. H < max 
Lag 91 OF ; 1303 CHEB CL S$B_INTEG_LEV(R6) , CLS$B_INTEG_LEV(R4) nos fait re 
01 Aa «0 3 if f 4 ! 73 Biers $380 INTEG_CAT(R6) ,CLS$Q_INTEG_CAT(R4) ,RO ; xfer tt not 
es ad s it i ; : : i BCLS Ch. 380_INTEG_CAT#4(R6), -CLS$Q_ ~INTEG, otee Et blak obet oh ge A) 
50 10 A4 * 37 i BNEG $ eee 
739 «1 ; Check for write access . aa 
: ; see if write access reques 
3A 53 «01—é€‘? , 3 : g ‘ BBC #CHPSV_WRITE,R3,50$ s 
, D : 3 Check the security level using the star property. ed 
Fab 1388 j SECUR_LEV(R6) , CLS$B_SECUR_LEV(R4) access < ma 
64 66 91 0750 1987 fos: cma CL s$B_SECUR_ neh ae : Tow part OK? 
10 oF re 1389 BieL LS$Q_SECUR_CAT(R6) ,CLS$Q_SECUR_CAT( xfer tt not 
$f ar 
50 04 AG oi 08 i 748 1339 BICL3 CLS$Q_SECUR_CAT+4(R6) .CLS$0_SECUR_ =CATe4 (RA) «RO giet Thethe om 
50 OR A4 BEQL 
ali, 733 1398 DOWNGRADE 
£86 E27 one, PRVSV DOWNGRADE, (R2),608 ; branch if no 
“ $¢ 88 3} r3g 1398 mt BISL FCNPSM” “DOWNGRADE ,R1 ; else note the use 
73 1399 Check the integrity level using the star property. Sea 
91 res 1898 fos: cree CLSSB_INTEG_LEV(R4) ,CLSSB_INTEGLEV(RS) : nota 
. ° r 
O1AS O16 91 re5 1608 Biers cLssa INTEG_CAT(R4) ,CLS$Q_INTEG_CAT(RS) ,RO ; eter tt rot 
- . r 
ee ae iH Bee 1e88 the GL S$Q_INTEG_CAT#4(R4) ,CLSSQ_INTEG_CAT#+4(R5) RO; high part Ox 
50 10 A5 10 Ad 1604 BEQL 
wae 729 60 UPGRADE 
£70 1605 PGRADE,(R2),60$ ; branch if no 
O7 SF Oe EB Ope feor  * —BISLSCHPSRCUPGRADE: RI S else note the use 
5104 777 1oR8 50$:  MOVL —_#SS$_NORMAL, RO ; note access granted 
xt pm 08 Oh 1610 RSB ; note denial of access 
ie 144. :  MOVL —#SS$_NOPRIV,RO 
50 24 0 0778 161] Gos: MOV . 
05 O77E 1612 
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FOR BYPASS OR R 
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~-SBTTL EXESCHECK_BYPASS = CHECK FOR BYPASS OR READALL PRIVILEGES 


++ 


FUNCTIONAL DESCRIPTION: 


This routine checks for either the BYPASS privilege (regardless of the 
access desired) or the READALL privilege and read access. In which 
case, success is returned. Otherwise access is denied. 


CALLING SEQUENCE: 
JSB 


EXESCHECK_BYPASS 


; INPUT PARAMETERS: 
STATUS 


ACCESS 
; IMPLICIT INPUTS: 
NONE 


: OUTPUT PARAMETERS: 
STATUS (R 
PRIVS_USED (R 
: IMPLICIT OUTPUTS: 
NONE 


es VALUE : 


SS_NORMAL: access is 
SS$_NOPRIV: access is 


SIDE EFFECTS: 
NONE 


EXESCHECK BYPASS: : 
CLRL R1 


CHPL RO, #SS$_NOPRIV 

CMPL RO, #SS$_IVACL 
; Xfer 

10$: BBC #CHPSV_USEREADALL ,R3 208 ; xfer 


B #PRVSV-READALL, (RO) ,2 
piste CCUPSR_READALL Rt ; else note READALL used 


20$: 


408: RSB 


BBC #PRVSV_BYPASS,(R2),40$ ; branch if no BYPASS 
BISL2 #CHPSM_BYPASS,R1 ; else note BYPASS used 


30$:  MOVL = #SS$_NORMAL,RO 


(RO): protection check status so far 
PRIV_MASK Ree 


address of the accessor privilege mask 


: bitmask of access requested 


: success or failure, depending on privs 

: bitmask if privileges used to gain access 
ranted 
enied 


3 no privs used so far 

; see if we are in fact checking NOPRIV 
Xfer if so, see if privilege override 
; Else check for an invalid 

Xfer if error cannot be overridden 

if READALL not applicable 
branch if no READALL 


3; successfu 


3; set success 
; and return to caller 


amc a a a a a a a a a y (aes 
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Symbol table eet $3:05:38 USyS. SRCISYSCHKPRO.MAR: 1 39) 
ACESB_SIZE = 0 D CHP$_FLAGS = 0 D 
ACESB_TYPE = 1 D CHPS$_MATCHEDACE = rf D 
ACESC_ALARM = 9 D CHPS_MAXCLASS = 08 D 
ACESC_AUDIT = D CHP$_MAX_CODE = 1 D 
ACESC_KEYID 2 1 D CHPS_MINCLASS z fee | 
ACESL_ACCESS = 4 D CHPS$_MODE = g D 
ACESL_KEY = 8 D CHP$_MODES = D 
ACE$S_RESERVED = 4 D CHPS_OWNER = D 
ACE$T_AUDI TNAME = 8 D CHPS_PRIV = 000 D 
ACESV_DEF AU = 0000 D CHPS$_PRIVUS = 8 D 
ACESV_FAILU = 00 D CHP$_PROT = 0D D 
ACESV_RESERVED = 98 D CHPS RIGHTS = 38 306 D 
ACESV_SUCCESS = D CHPCTL$B_MODE = D 
ESW_FLAG = 0000000 Dd CHPCTLSC_LENGTH = B88 Bos D 
ACLSC_LENGTH = 0000 ge D CHPCTLSL_ACCESS = 00000 D 
ACLSL_LIS = 000000 f D CHPCTLSL_FLAGS = 544 81 D 
ACL$W_SIZE = 0000000 Dd CHPCTLSM_READ = 00000001 D 
ACL_LTST = eae $8 D CHPCTLSM-WRITE = SOON ts D 
ARBSC_HEADER = 88 B38 0 Dd CHPCTL_ INDEX = 4 Bas D 
ARBSL_RIGHTSLIST = 00000 $3 Dd CHPRETSC_LENGTH = 0000002 D 
ARB$Q_PRIV = 00000000 D CHPRETSL_ALARM = 00000010 D 
ARBS$R_CLASS = 0000000C D CHPRETSL_ALARMRET = Hh 4b D 
ARBS$S_CLASS = 00000014 D CHPRETSL_AUDIT = 00000004 D 
ARB$S_RIGHTSDESC = 00000008 Oo» CHPRETSL_AUDITRET = 00000008 D 
ARBS$S"RIGHTSLIST = 00000010 oD CHPRETSL_MATCHED_ = 0000001¢ D 
ARB_ INDEX = 00000000 D CHPRETSL_MATCHED_ACERET = ea D 
ARMSM_ CONTROL = 00000010 D CHPRETSL_ S_us = 00000024 D 
BADPARAM QOOQOOOEA R D 88 CHPRET$W_ALARMCE = 0000000C D 
BADPARAM\ 0000017C R D O CHPRETSW_ TLEN = 00000000 D 
BUGS$_KRPEMPTY eeeeeeee = X 02 CHPRETSW_MATCHED_ACELEN = 00000018 D 
BYPASS_CHECK 00000300 R D 02 CHPRET_INDEX = 00000003 D 
CHKACL_RE TURN 00000534 R D 02 CLS$B_INTEG_LEV = 00000001 D 
CHKPRO_ARGCOUNT = 00000000 D CLS$B_SECUR_LEV = 00000000 D 
CHKPRO_ITMLST = 4444'S D CLS$Q_INTEG_CAT = 0000000C D 
CHKPRO_M_ACL_PRESENT = Ronee 01 D CLS$Q"SECUR-CAT = 00000004 D 
CHKPRO_M_ INTERNAL = 00000002 D CTLS$GC_KRPFC eeeeeeee X 02 
CHKPRO_M_NO_C = 00000004 D DSC$C_5_BLN = 9 et D 
CHKPRO_V_ACC_PRESENT = 00000000 D EXESCRECKACL 0000408 RG D 98 
EMEEROLY-WO. CPE = Souugggs 8 HIESEMEEReLAGS™ sauusge Ae 8 
HPSM_ByPass = 00 D EXESCHECKPROT O063F RGD O 
ENPEACPOUNGRAD = 099 $6 D EXESCHECKPROT_16 9000613 RGD 0 
CHPSM_GRPPRV = 0000001 D EXESCHECKPROT-CMN 000 $49 R D 
CHPS$M_READ = 38 1 D EXESCHECK BYPASS $ 7F RG D 
CHPSM_READALL = | eae EXESCHKPRO ig RG D 
CHPSM_SYSPRV = 000 1 D EXESCHKPRO_CMN 000 § R D | 
CHPSM_UPGRAD = 00 4 D EXESCHKPRO- INT $88 B RG D 
CHP$V_USEREADALL = 00 Q D EXESF INDACC QOOSBF RG D 
CHPSV- WRITE = D EXESGET AUDIT 0000444 R D 
CHPS$_ACCESS 2 1 D EXESGL_BYNAMIC_FLAGS eeeeeeee =X 
CHPS$_ACCLASS = 5 D EXESGL-SYSUIC eeeeeere =X 
CHPS”ACRODE = 2ag0000 EXESPROBEU eeeneres | 
CHP$_ADDRIGHTS = ee EXESSEARCH RIGHT 0000054A RG D 
CHPS-AUDI TNARE : a FINISRCTIERS. Q00000FO RD 
CHPSTEND = ? ae GET_ITEM taints: R D | 
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SYSCHKPRO = CENTRAL PROTECTION CHECK ALGORITHM 
Psect synopsis 
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! Psect synopsis ! 


Pee eoveeceesoeooewa} 


PSECT name Allocation PSECT No. Attributes 
~ Os 0000000 < -) 00 ¢ QO.) NOPIC USR CON ABS LCL N 

S$ 09009000 a ( 1.) NOPIC USR CON ABS LCL NOSHR 
YSEXEPAGED Q00007A7 ¢ 1959.) 2¢( 2.) NOPIC USR CON REL LCL NOSHR 


tmaenane Gene ee aoe se aoeaene we 


Phase Page faults CPU Time Elapsed Time 


Initialization | 29 90 :00:8 96 90 :00:0) . 36 
Sy eaeaeie ie ma 
Syabol table sort 359 00:00:04-97 00:00:06.1 
Symbol table output 25 00:00:00. 1¢ 09:00:00:4¢ 
Psect synopsis output 2 88: 60:00°6 00:00:00.0 
Cross-reference output 0 See 00:00:00.00 
Assembler run totals 929 00:00:23.4 00:01:20.28 


The working set Limit was 1950 pages. 

91137 bytes (179 pages) of virtual memory were used to buffer the intermediate cod 

ieere were 70 pages of symbol table space py ht to hold 1228 non-local and 94 local symbols. 
1668 source Lines were read in Pass 1, produci "8 86 object records in Pass 2. 

33 pages of virtual memory were used to define 32 macros. 
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Macro Library name Macros defined 


-$255$0UA28: CSYS.OBJILI eit 13 
“$255$DUA28: CSYSLIBJSTARLET.MLB;2 15 
TOTALS (all Libraries) 28 


1325 GETS were required to define 28 macros. 
There were no errors, warnings or information messages. 
MACRO/LIS=L1IS$:SYSCHKPRO/OBJ=0BJ$:SYSCHKPRO MSRC$:SYSCHKPRO/UPDATE=(ENHS: SYSCHKPRO) +EXECML$/LIB 
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